From: michal.svoboda@agents.felk.cvut.cz (Michal Svoboda)
Date: Mon, 1 Mar 2010 11:22:21 +0100
Subject: [refpolicy] Possible regression and bug in
 userdom_base_user_template
In-Reply-To: <1267021762.9127.65.camel@gorn>
 <4B85395E.7070302@redhat.com>
Message-ID: <20100301102220.GF3990@myhost.felk.cvut.cz>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com



Christopher J. PeBenito wrote:
> The Fedora list is more appropriate for this discussion, as these rules
> are specific to the Fedora policy.

Okay, it seems so, thanks. But the usr_t rule remains in refpolicy too.
Is the reasoning here the same? That is

Daniel J Walsh wrote:
>    Executing usr_t is not that big of a security risk.

... because from the purity point of view it would seem that usr_t
should be a label of read only, non-executable files.

Michal Svoboda
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100301/0ba2e055/attachment.bin