Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Stephen Smalley wrote:
On Fri, 2005-09-23 at 16:09 -0400, Matthew Saltzman wrote:
Can nobody here help with this (and if not, where could I go for
assistance)? selinux-policy-targeted-1.27.1-2.1 does not solve the
problem.
From the audit messages you posted, I would have expected that:
- a new type would have been assigned to /usr/share/hwdata, and apmd_t
would have been allowed to read it.
I am making this change.
- tmp_domain(apmd_t) would have been added to enable it to create its
own temporary files under /tmp without disturbing anyone else's
temporary files.
Looking at the latest rawhide targeted policy (1.27.1-5), it looks like
the tmp_domain() has been added, it has been directly allowed to read
usr_t (which I would have preferred not doing) and it has been made
unconfined in targeted policy (which seems overkill). So I would expect
your scripts to work just fine with that policy, even though I'd still
favor adding a new type for /usr/share/hwdata and not making apmd_t
completely unconfined.
The problem is there is no standard scripts for this yet. Trying to
lock down acpid is a moving target at this time, until the distros
settle on a standard way of doing this. So until then it is better to
run unconfined. If in FC5 timeframe a standard
develops in Fedora, I will make the policy work and remove the
unconfined_domain.
--
|
| |
