On Fri, Jul 12, 2002 at 04:47:43PM +0200, Russell Coker <[EMAIL PROTECTED]> was heard to say:
> On Fri, 12 Jul 2002 14:01, Andreas Metzler wrote:
> > Michael Koch <[EMAIL PROTECTED]> wrote:
> > [packaging a game]
> >
> > > to make this dir writeable by the game there are two possibilities:
> > > 1) adding the gamer to the group "games" or
> > > 2) making /usr/games/uclient set-group-id
> > >
> > > What is the preferred way ?
> >
> > 2.
> > See Policy 12.11.
> > cu andreas
>
> For SE Linux I am thinking of making all programs in /usr/games trigger a
> domain transition to a domain that can't write to regular files in a user's
> home directory (only to user_home_games_t not user_home_t), can't kill,
> ptrace, or otherwise molest regular user processes, but can write to
> /var/games etc.

A lot of games need to write to the user's home directory (eg, to store
configuration options, saved games, etc) -- aside from that, it might be
useful.

Daniel, with no idea what the context of this thread is.

--
/-------------------- Daniel Burrows <[EMAIL PROTECTED]> -------------------\
| Voodoo Programming: Things programmers do |
| that they know shouldn't work but they try |
| anyway, and which sometimes actually work, |
| such as recompiling everything. |
\----------------- The Turtle Moves! -- http://www.lspace.org ----------------/