Daniel J Walsh
dwalsh at redhat.com
Tue Dec 9 07:43:18 CST 2008
Martin Orr wrote:
> On 02/12/08 22:51, Christopher J. PeBenito wrote:
>> On Tue, 2008-11-25 at 16:35 -0500, Daniel J Walsh wrote:
>>> Add bin_t for ConsoleKit scripts
>> Merged, with some rearrangement.
> It is not clear to me - why should these be labelled as bin_t instead of
> consolekit_exec_t? Are they run by anything other than consolekit?
> Best wishes,
Not currently, but we do not always label all binaries with a context
that can cause a transition. And theoretically these scripts could be
used by another application. Just because a script is labeled bin_t and
can be executed by a confined domain, does not mean it adds any privs to
the confined domain. bin_t apps will execute in the current domain.
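The point made in the reply above, that executing a bin_t file leaves the caller in its current domain while an entrypoint type such as consolekit_exec_t can trigger a transition, shown as an added example that is not part of the original message or of refpolicy. It is a simplified model of the exec-time domain decision; the rules are constructed for illustration and `other_t` is a hypothetical confined domain.

```python
import re

# Constructed, simplified rules for illustration (not the real refpolicy).
# other_t is a hypothetical confined domain standing in for "another application".
POLICY = """
type_transition initrc_t consolekit_exec_t : process consolekit_t;
allow initrc_t consolekit_exec_t : file { read execute };
allow initrc_t consolekit_t : process transition;
allow consolekit_t consolekit_exec_t : file entrypoint;
allow consolekit_t bin_t : file { read execute execute_no_trans };
allow other_t bin_t : file { read execute execute_no_trans };
"""

RULE = re.compile(
    r"(allow|type_transition)\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;")

def load(text):
    """Parse allow and type_transition statements into lookup structures."""
    allows, trans = set(), {}
    for kind, src, tgt, cls, rest in RULE.findall(text):
        if kind == "type_transition":
            trans[(src, tgt, cls)] = rest          # rest is the new domain
        else:
            for perm in rest.strip("{} ").split():
                allows.add((src, tgt, cls, perm))
    return allows, trans

def domain_after_exec(policy, caller, file_type):
    """Return the domain the new program runs in, or None if exec is denied."""
    allows, trans = policy
    ok = lambda s, t, c, p: (s, t, c, p) in allows
    if not ok(caller, file_type, "file", "execute"):
        return None
    # Without a type_transition rule the default is the caller's own domain.
    new = trans.get((caller, file_type, "process"), caller)
    if new == caller:
        # Same-domain exec: no privileges are gained, only execute_no_trans is needed.
        return caller if ok(caller, file_type, "file", "execute_no_trans") else None
    if ok(caller, new, "process", "transition") and ok(new, file_type, "file", "entrypoint"):
        return new
    return None
```
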