On Wed, 2006-04-12 at 14:43 -0400, Stephen Smalley wrote:
> > And "some process" can be as simple as umount:
> >
> > # ls -Z /etc/mtab
> > -rw-r--r-- root root system_u:object_r:etc_runtime_t /etc/mtab
> > # ls -i /etc/mtab
> > 31987 /etc/mtab
> > # umount /opt
> > # ls -Z /etc/mtab
> > -rw-r--r-- root root user_u:object_r:etc_t /etc/mtab
> > # ls -i /etc/mtab
> > 33358 /etc/mtab
>
> Hmm...that's interesting. umount should run in the same domain as
> mount, and they should thus have a type transition on etc_t:file to
> etc_runtime_t. ls -Z /bin/umount

Looks like there is no transition defined into mount_t from
unconfined_t? So umount and mount are just run in unconfined_t? And
unconfined_t lacks the type transition?

--
Stephen Smalley
National Security Agency