extras package that require changes in selinux-policy (initng)
Stephen Smalley
sds at tycho.nsa.gov
Thu Feb 2 18:13:02 UTC 2006
On Thu, 2006-02-02 at 18:48 +0100, dragoran wrote:
> so what is the solution? use setexecon() to run the daemons as initrc_t
> to let the domain transitions take effect?
No, that wouldn't work, nor it is useful.
> this should also be init_t -> initrc_t -> daemon .. or did I miss /
> missunderstood something?
As I said, the policy could be extended to include direct transitions
from init_t -> daemon domains so that initng would work as is. But that
needs to be taken up on selinux list and directed to refpolicy
maintainers.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list