On Sun, 2004-08-15 at 02:03, Colin Walters wrote: > You can see from the above that when I originally executed the script, I > remained in the security context root:sysadm_r:sysadm_t. That's because > the script had the bin_t type, and there is no transition. However, > when I changed the type of the script to unconfined_exec_t, this caused > a transition to root:sysadm_r:unconfined_t (note the different type). > > So what you would do is create your own domain foo_script_t, and just > do: > chcon -t foo_script_t /path/to/script Just as a reminder, domain transitions on scripts should only be done when shedding permissions. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
