On Tue, 2005-08-16 at 08:39, Tim wrote:
> > "world readable" is a DAC based permission model. SELinux is MAC based.
> > see Fedora SELinux FAQ on this. The whole point of SELinux is to
> > restrict operations based on the process above and top of the classic
> > Linux permissions
>
> Be that as it may, it's counterintuitive: Why should we have to set
> permissions in two different ways?

If you don't want two different security checks you can disable
SELinux and run the way unix systems have for decades.

> If we set something as world
> readable, let the system actually apply that setting (it should also set
> appropriate SELinux restrictions for you).

'Appropriate' SELinux relate to the process involved, not the files
so this is impossible.

> Owner permissions are one thing. But setting something as world
> readable ought to be treated just as you intended.

It is. If you run SELinux it means you intend for it to add the
SELinux access controls in addition to the file based ones. If
that isn't what you want, disable it (and reboot...).

-- 
Les Mikesell
lesmikesell@xxxxxxxxx
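
The two independent checks discussed in this thread, sketched as a toy model (an added example, not part of the original message). The rule set, uids and class names below are constructed for illustration and are not taken from any shipped policy; root's DAC override is not modelled.

```python
import stat
from dataclasses import dataclass

# Constructed allow rules: (process domain, file type, object class, permission).
# Anything not listed is denied, which is how type enforcement behaves.
ALLOW = {
    ("httpd_t", "httpd_sys_content_t", "file", "read"),
    ("unconfined_t", "httpd_sys_content_t", "file", "read"),
    ("unconfined_t", "user_home_t", "file", "read"),
}

@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset
    domain: str          # SELinux type of the running process

@dataclass(frozen=True)
class File:
    owner: int
    group: int
    mode: int            # classic permission bits, e.g. 0o644
    setype: str          # SELinux type label on the file

def dac_allows_read(p: Process, f: File) -> bool:
    """Classic owner/group/other check: only the first matching class counts."""
    if p.uid == f.owner:
        return bool(f.mode & stat.S_IRUSR)
    if f.group in p.gids:
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)

def mac_allows_read(p: Process, f: File, enforcing: bool = True) -> bool:
    """Type-enforcement check: depends on the process domain, not only the file."""
    if not enforcing:    # models SELinux being turned off
        return True
    return (p.domain, f.setype, "file", "read") in ALLOW

def can_read(p: Process, f: File, enforcing: bool = True) -> bool:
    # Both checks must pass; MAC can only take access away, never add it.
    return dac_allows_read(p, f) and mac_allows_read(p, f, enforcing)

# Constructed sample: a world-readable file in a home directory.
HOME_PAGE = File(owner=500, group=500, mode=0o644, setype="user_home_t")
WEB_PAGE = File(owner=500, group=500, mode=0o644, setype="httpd_sys_content_t")
PRIVATE_WEB_PAGE = File(owner=500, group=500, mode=0o600, setype="httpd_sys_content_t")
HTTPD = Process(uid=48, gids=frozenset({48}), domain="httpd_t")
SHELL = Process(uid=501, gids=frozenset({501}), domain="unconfined_t")
```

The same world-readable file gives different answers for `HTTPD` and `SHELL`, which is why the mode bits alone cannot tell the system which SELinux rule would be the "appropriate" one.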