[refpolicy] [patch 2/2] namespace: new policy for namespace.init script
Christopher J. PeBenito
cpebenito at tresys.com
Mon Mar 21 09:44:34 CDT 2011
On 03/03/11 05:44, Miroslav Grepl wrote:
> http://mgrepl.fedorapeople.org/F15/apps_namespace_p2.patch
>
> * adds polydomain attribute for login programs
I'm unsure why this is necessary.
> * namespace.init runs restorecon
> * make ssh_home_t parent of polyinstantiated directory since
> pam_namespace.so can be used for ssh
I don't think I follow. Wouldn't the whole home directory be
polyinstantiated, not just the .ssh dir?
> * make user_tmp_t parent of polyinstantiated directory
This also seems odd.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy
mailing list