On Wed, 2016-08-10 at 19:26 +0000, Zbigniew Jędrzejewski-Szmek wrote: > > For example if I login as unconfined_t and want to run a service as > > httpd_t, then I need to be able to transition from > > unconfined_t to httpd_t. As long as systemd-user is running as the user > > domain, then SElinux will control this. > > That doesn't seem useful ;) Why would a user by able run anything as httpd_t? Just to jump in (I haven't fully read the context), I recall needing to do this once before to debug a particularly thorny SELinux bug... -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx
