On Thu, 2005-01-06 at 10:16, Daniel J Walsh wrote: > Stephen Smalley wrote: > >I'm not clear on why ldconfig runs in its own domain at all under > >targeted policy (vs. unconfined_t). It used to just run unconfined_t in > >older versions of the targeted policy. Is it an attempt to preserve the > >type on /etc/ld.so.cache via the file type transition rules? > > > > > > > Yes. Ok, so why not just add an unconfined_domain(ldconfig_t) to unconfined.te in the targeted policy, so that ldconfig will still have the file type transition rule but will be unrestricted there. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
