Daniel J Walsh wrote:
On 12/07/2010 12:46 PM, m.roth@5-cent.us wrote:
Daniel J Walsh wrote:
On 12/07/2010 11:59 AM, Benjamin Franz wrote:
On 12/07/2010 08:12 AM, Daniel J Walsh wrote:
<mvnch>
What have you done for folks who have third-party software, either F/OSS or COTS, or in-house developed stuff, *none* of which was written with selinux in mind, and is *not* going to be rewritten any time soon? You've seen me on the selinux list, and I have yet to figure out why I see the complaints about contexts, since they *appear* to be temp files, and I don't know where they're located, or where the CGI scripts that create them are, and *all* of it's got the added complexity that some of that are on NFS-mounted directories.
We have attempted to work with them, set up default labeling for them when we know about the problems, embarrass them when they say you need to disable SELinux. Red Hat is working on new developer tools to help third party developers work on RHEL systems. I am not sure what else I can do to get them to work with the security systems in place on RHEL.
Ok, it's good to know you are thinking about that. How 'bout a tool, point it at a directory, and it reports only the files/directories that are default, or break policy, or that *might* suggest where there's a problem (scripts in this directory will write default_t if they run anywhere but /here/only/, etc.)?
mark
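
A sketch of the kind of directory scan suggested in the last message, added here as an example; it is not part of the thread and not a Red Hat tool. It assumes Linux, where a file's label is stored in the `security.selinux` extended attribute; the function names and the list of suspect types are choices of this example.

```python
import os
import sys

# Types that usually mean no file-context rule matched the path
# (watch list assumed by this example).
SUSPECT_TYPES = {"default_t", "unlabeled_t", "file_t"}


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.rstrip("\x00").split(":")
    return parts[2] if len(parts) >= 3 else None


def read_context(path):
    """Read the label from the security.selinux xattr; None if unavailable."""
    try:
        raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
    except OSError:
        # No label stored, or the filesystem does not expose xattrs.
        return None
    return raw.decode("ascii", "replace")


def scan(root, get_context=read_context):
    """Walk root and return (flagged, nolabel).

    flagged: sorted (path, type) pairs whose type is in SUSPECT_TYPES.
    nolabel: sorted paths for which no label could be read.
    """
    flagged, nolabel = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        # os.walk visits every directory as dirpath, so this covers dirs too.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            context = get_context(path)
            if context is None:
                nolabel.append(path)
                continue
            ftype = selinux_type(context)
            if ftype in SUSPECT_TYPES:
                flagged.append((path, ftype))
    return sorted(flagged), sorted(nolabel)


if __name__ == "__main__":
    flagged, nolabel = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, ftype in flagged:
        print(f"{ftype}\t{path}")
    print(f"{len(nolabel)} path(s) with no readable label", file=sys.stderr)
```

Paths reported with no readable label are listed separately because a missing label is a different finding from a default one.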