(Non)Domain Transitioning

Russell Coker russell at coker.com.au
Tue Jun 15 02:05:35 UTC 2004


On Tue, 15 Jun 2004 05:38, Kirk Vogelsang <kvogelsa at ccs.neu.edu> wrote:
> I'm having some problems getting the snortcenter agent (miniserv.pl)
> to start snort and transition snort to the appropriate snort_t domain.
> When miniserv starts snort, snort continues to run in the miniserv
> domain, snort_agent_t (domain I created.)
>
> avc messages show miniserv starting snort with execute_no_trans,
> which I believe is the problem:

The following policy should do it.
domain_auto_trans(snort_agent_t, snort_exec_t, snort_t)

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



More information about the fedora-selinux-list mailing list