On Sat, 2002-07-13 at 02:28, Joseph Carter wrote:
> > I plan to solve that by having the following rule:
> > file_type_auto_trans(user_games_t, user_home_dir_t, user_home_games_t)
> >
> > So when the user_games_t domain (entered by executing a games_exec_t program
> > from the user_t domain) creates a file under the user_home_dir_t directory
> > (the user's home dir) then a new file or directory can be created with type
> > user_home_games_t (and user_games_t gets full access to that type).
>
> If I have to recompile all of my games which use ~/.foorc or ~/.foo/bar
> and move everything around, I will be somewhat annoyed. It might be a
> good thing to do anyway (I have some 200+ dotfiles/dotdirs in ~) but I will
> still be annoyed. =)

I don't think any changes to source code or any recompilations would be
required. Only the SELinux policy needs to be changed. It sounds like a
good idea to me; it restricts what files games can access if they are
somehow compromised.
--
Brian May <[EMAIL PROTECTED]>
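
The rule discussed in this thread, written out as plain policy statements. This is an added example, not part of the original messages and not the project's own macro definition; the type names come from the thread, while the permission sets are assumptions chosen for current kernels.

```selinux
# Added illustration. Type names are taken from the thread; the permission
# sets below are assumptions, not the expansion of the real macro.

# Hypothetical declaration of the new type for game data in the home directory.
type user_home_games_t;

# Labeling rule: when a process in user_games_t creates a file or directory
# inside a directory labeled user_home_dir_t, the kernel assigns the new
# object the type user_home_games_t. The game still opens ~/.foorc as before;
# only the label chosen at creation time changes.
type_transition user_games_t user_home_dir_t:file user_home_games_t;
type_transition user_games_t user_home_dir_t:dir  user_home_games_t;

# type_transition only selects a label. Access is granted separately.
# The domain must be able to add and remove entries in the home directory...
allow user_games_t user_home_dir_t:dir
    { search getattr read write add_name remove_name };

# ...and needs full access to objects carrying the new type.
allow user_games_t user_home_games_t:dir
    { create search getattr setattr read write add_name remove_name rmdir };
allow user_games_t user_home_games_t:file
    { create open getattr setattr read write append unlink rename };

# Deliberately absent: no allow rule gives user_games_t access to the user's
# other home-directory file types, which is the containment the reply
# describes for a compromised game.
```

A transition rule applies only to objects created after the policy is loaded. Dotfiles that already exist keep their current label until they are relabeled, which is a labeling step and not a source change.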