From: michal.svoboda@agents.felk.cvut.cz (Michal Svoboda)
Date: Mon, 1 Mar 2010 16:01:33 +0100
Subject: [refpolicy] Possible regression and bug in
 userdom_base_user_template
In-Reply-To: <1267450925.30557.7.camel@gorn.columbia.tresys.com>
References: <20100301102220.GF3990@myhost.felk.cvut.cz>
	<1267450925.30557.7.camel@gorn.columbia.tresys.com>
Message-ID: <20100301150133.GG3990@myhost.felk.cvut.cz>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

Christopher J. PeBenito wrote:
> (have you looked to see what files are executable in /usr/share?)

I don't seem to have any. But let's assume there are such.

> I agree with Dan, I don't feel its a big deal.  usr_t files should be
> high integrity system files, just like bin_t files are.

It seems a little odd that usr_t privilege is in refpolicy, but bin_t is
a fedora ext.

However, this all was beside my point. Suppose it's a good thing, the
way the base_user_template macro works right now. I understand that
user_u will want to poke wildlife things in /usr/share, but that doesn't
mean every se-user needs to that. So is there a macro that defines a
really minimal user?

For example, if I want to create a restricted user type for sftp or svn
that does not require executing anything besides one fixed program, what
macro or template should I use?

Regards,
Michal Svoboda
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100301/6062b249/attachment.bin