Re: SELinux last straw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Arthur Pemberton wrote:

If I asked how to determine whether or not some particular access would
be permitted or denied by the traditional unix mechanism you wouldn't
have any trouble describing how to verify it in terms of permissions
down the file path.  I'm asking the same question about SELinux.

1) familiarize ones self with the rules , as one has to do with
traditional secuirty

But the traditional unix rules are extremely simple, and being able to understand and verify them is one of their biggest virtues.

2) or just try it and see if it is allowed or not

When something applies only to a particular process, how can you try it without running that process - which may have destructive side effects if it fails?

How, for example, would you determine if some change will make it
necessary to relabel?   How, other than running something and letting it
fail to get the log message, do you positively determine that some
specific access will be permitted or denied?

perms can be viewed with `ls` and there is some command that provides
the current settings.

How would you do it with traditional tools?

The shortcut test is to su to the user in question and try to access the file/device. The only slightly more complicated way is to walk down the path looking at the permissions for user/group/other on the file and the directories above.

--
  Les Mikesell
   lesmikesell@xxxxxxxxx


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux