On Tue, 2005-05-24 at 13:41 -0400, James Z. Li wrote: > The genral question is that if I write policy files for an application > which is currently not in targeted policy, like mydaemon.fc and > mydaemon.te. What should I do besides 'make load' in order to > let Selinux know that I add a new daemon in targeted ? You need to label the executable with the corresponding executable type, e.g. restorecon /sbin/mydaemon, after loading the new policy. That sets the extended attribute on the executable file, so that SELinux will subsequently perform a domain transition when it is executed. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
