Testing SELinux

[Paul Howarth]

On Tue, 11 Aug 2009 17:26:02 +0100
John Smith <linuxking at live.com> wrote:

> 
> Hello,
> I'm doing a testing for SELinux, so far I have create a domain for a
> special program. It does work correctly. I have not given the domain
> any permissions to access any top leve directories or their
> subdirectories since I am running it in chroot. The thing when it
> came to testing now, I have created some bash files, and labelled
> with with exec as the entry to the domain. But even after changing
> the default security context for these bash files, when executing
> them, the still be in unconfined domain instead of entering the new
> domain for testing. Anyone can identify where is the problem?

Transitioning to a domain usually happens via an initscript; if you
want to be able to transition to your new domain from an unconfined
domain, you'll need to add that transition specifically into your
policy.

Is your program normally started from an initscript?

Paul.