On Mon, 2004-08-23 at 11:31, Tom London wrote: > Latest Rawhide policy seems to 'reverse the labeling' of programs > started from xinetd, like in.comsat, ... (strict/enforcing) inetd.fc entries removed at Russell's request, as the inetd_child_t domain wasn't sufficient anyway to allow those programs to run properly, and labeling them inetd_child_exec_t merely masked the lack of proper security domains for those programs and encouraged bleeding permissions into inetd_child_t. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
