On Sat, 2004-11-27 at 05:03 -0800, Karsten Wade wrote: > init is started with the unconfined_t context? Was this behavior that > changed between FC2 and FC3, or am I missing something fundamental here? I think the distinction is just targeted vs. strict policy; FC2 didn't have targeted. So basically everything just starts out as unconfined, including the kernel, and then transitions happen for a few specific domains like httpd_t. For strict policy, I think it's pretty much as Russell described it. Does that answer your question?
