writing a policy. Confused about domain transition.
yiruli at ccsl.carleton.ca
yiruli at ccsl.carleton.ca
Sat Jul 19 19:26:55 UTC 2008
Hi,
I am practising to write a policy for a music player called soundjuicer.
Policy Tool I used: selinux-polgengui
The beginning part of soundjuicer1.te is as follows:
----------------------------------------------------
type soundjuicer1_t;
type soundjuicer1_exec_t;
application_domain(soundjuicer1_t, soundjuicer1_exec_t)
role user_r types soundjuicer1_t;
.....
-------------------------------------------------------
The context of login id is (id -Z):
user_u:user_r:user_t
I loaded the module. And then I run the music player both from
terminal and GUI. I checked the context of the soundjuicer process.
The context of the process is : user_u:user_r:user_t
Question:
With the context for the process, user_u:user_r:user_t, can I say that
the security policy for the program is not being enforced, because of
the failure of domain transition?
Should the context of the process be: user_u:user_r:soundjuicer1_t?
thanks
Yiru Li
More information about the fedora-selinux-list
mailing list