On Fri, 12 Jul 2002 14:01, Andreas Metzler wrote: > Michael Koch <[EMAIL PROTECTED]> wrote: > [packaging a game] > > > to make this dir writeable by the game there are two possibilities: > > 1) adding the gamer to the group "games" or > > 2) making /usr/games/uclient set-group-id > > > > What is the preferred way ? > > 2. > See Policy 12.11. > cu andreas
For SE Linux I am thinking of making all programs in /usr/games trigger a domain transition to a domain that can't write to regular files in a user's home directory (only to user_home_games_t not user_home_t), can't kill, ptrace, or otherwise molest regular user processes, but can write to /var/games etc. What do you think? -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
