-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/20/2013 08:39 AM, Thorsten Scherf wrote:
On [Mon, 20.05.2013 13:17], Dominick Grift wrote:
On Mon, 2013-05-20 at 09:41 +0200, Dominick Grift wrote:
On Mon, 2013-05-20 at 09:28 +0300, Thorsten Scherf wrote:
On [Sun, 19.05.2013 17:15], Dominick Grift wrote:
On Sun, 2013-05-19 at 14:15 +0300, Thorsten Scherf wrote:
Following setup:
iucv instance is started via upstart to make iucv connections available in a z/VM environment:
# cat /etc/init/iucv.conf start on runlevel [2345] stop on runlevel [01] respawn exec /usr/bin/iucvtty lnxterm
iucvtty is running in init_t:
# ps -efZ|grep iucv system_u:system_r:init_t:s0 root 1788 1 0 13:56 ? 00:00:00
/usr/bin/iucvtty lnxterm
I can help you write policy for iucv. If you want help, then please come see me (grift) on #fedora-selinux at irc.freenode.org (internet relay chat)
Thanks Dominik, but I think I can manage it. Will let you know if I need further help.
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes running login ranged would be better then giving it overrides, because theoretically, someone might want to run login program with less categories.
In the MLS world you might want to setup local login to only be able to reach Secret level for example.