On Mon, 2008-07-07 14:47 -0500, Stephen Smalley wrote: > On Mon, 2008-07-07 at 13:42 -0500, Serge E. Hallyn wrote: > >> It looks like unconfined_t is not granted setfcap capability. So >> when running ltp as unconfined_t, the file capabilities test fails. >> I'm just wondering what the right answer is: >> >> 1. require running ltp as an administrative type >> 2. give ltp a custom policy module to create an ltp_t >> 3. give setfcap to unconfined_t >> > unconfined_t should have all capabilities already. > Policy version?
Well, earlier today while running as _root_ with full-blown permissions, I noticed that I couldn't access */home/dave/.gvfs*, (except to see that it is a directory). [EMAIL PROTECTED] ~]$ *ls -ld /home/dave/.gvfs* dr-x------ 2 dave durant 0 2008-07-07 09:40 /home/dave/.gvfs [EMAIL PROTECTED] ~]$ su - Password: [EMAIL PROTECTED] ~]# *ls -ld .gvfs* ls: cannot access /home/dave/.gvfs: Permission denied [EMAIL PROTECTED] ~]# *secon* user: unconfined_u role: unconfined_r type: unconfined_t sensitivity: s0 clearance: s0:c0.c1023 mls-range: s0-s0:c0.c1023 [EMAIL PROTECTED] ~]# David L Durant ================= ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
