On Sun, 2005-01-09 at 01:20 -0500, Valdis.Kletnieks@xxxxxx wrote: > I notice yours is flagged as 'unconfined_t', which smells a lot like running > the targeted policy. The design point for that policy is "constrain certain > daemons, but assume that users are in general trusted and know what they're doing". > As such, it's assuming that if you're loading the policy from a chroot that > you know what you're doing and should be allowed to do so. If that doesn't > describe how you want things to work, maybe you should be running 'strict' > instead of 'targeted'? I actually like the flexibility of targeted and I tried strict yesterday and it causes my system to hang. When I do get the chance I will play around with strict though. Bob -- Bob Kashani http://www.ocf.berkeley.edu/~bobk/garnome
