[redhat-lspp] Xinetd patches for selinux context configuration
Paul Moore
paul.moore at hp.com
Wed Nov 29 06:00:25 UTC 2006
On Tuesday 28 November 2006 6:13 pm, James Antill wrote:
> Example config.:
>
> # selinux_context = user_u:system_r:inetd_t:SystemLow-SystemHigh
> selinux_context = user_u:system_r:httpd_t
> # selinux_context = user_u:system_r:fingerd_t
>
> Anyway, here are the patches/rpms:
>
> http://people.redhat.com/jantill/xinetd/
I just took a quick look at the patch and I have to ask why you decided to
take the context from the xinetd config file instead of using
security_compute_create() as described in BZ #209379? As it stands I don't
think the current approach of taking the full SELinux context (TE and MLS
label) from the config file solves the problem we are interested in -
multi-level network services via xinetd.
Thanks for working on this.
--
paul moore
linux security @ hp
More information about the redhat-lspp
mailing list