On Thu, 2005-12-08 at 14:31 -0500, Chuck Anderson wrote: > I've disabled SELinux protection of mysqld since it was causing major > performance problems. More information about those performance problems would be of interest. > This fixed the problem. However, is mysqld supposed to be running as > initrc_t instead of unconfined_t when mysqld_disable_trans is set? In FC4 and later, yes. FC4 re-introduced the use of separate initial domains for system initialization, transitioning later to unconfined_t, rather than starting the system in unconfined_t as in FC3, which allows some useful distinctions to be made. But in targeted policy, initrc.te contains unconfined_domain(initrc_t), so it still ends up with full permissions. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
