Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: Odd boolean in /etc/selinux/strict/booleans?: msg#00241
|
Subject: |
Re: Odd boolean in /etc/selinux/strict/booleans? |
On Thu, 2005-03-31 at 11:09 -0500, Daniel J Walsh wrote:
> Ivan Gyurdiev wrote:
>
> >>Bad name in the installed file. It used to be disable_games. We might
> >>want to add a
> >>boolean back in to prevent users from running games at all. But we
> >>would need to remove
> >>exec_type from the attribute.
> >>
> >>
> >
> >Prevent users from running games? Why do we want to do that?
> >What's wrong with the current approach to doing this...namely..don't
> >install any games, and then the users won't be running them.
> >
> >
> >
> I am thinking of the situation where you might want to users in a
> certain role allowed to play games and others not, on a shared
> machine. A more interesting example would be to disallow sysadm from
> running games, mozilla ...
>
> Basically a user accidently runs mozilla or a game while newroled to
> sysadm. Might be nice to have that error out.
> Ordinarily a transition happens but still It would be nice to prevent this.
I actually see SElinux as suited for the *opposite* phenomenon.
Particularly, while on a legacy machine running mozilla and company as
root would not be a very bright idea, on a SElinux-constrained machine
it shouldn't be so bad (it's confined, how much damage can it do?).
--
Ivan Gyurdiev <ivg2@xxxxxxxxxxx>
Cornell University
|
| |
