Paul Howarth wrote: > On Fri, 2006-07-21 at 14:14 -0700, Michael Thomas wrote: > >>>You should check that the transition has happened by running ps with the >>>"-Z" option to show the process context when you're running the >>>application. >> >>It shows up as crossfire_exec_t because... > > > crossfire_exec_t? Not crossfire_t? You're right, it is user_u:system_r:crossfire_t >>>>Some things that would be nice to clarify: >>>> >>>>Should selinux be added as a subpackage or automatically included in the >>>>base package? >>> >>> >>>I don't have a strong opinion either way on this. I've tended to stick >>>to keeping everything together because I find it easier to manage that >>>way. As long as the SELinux bits don't get in the way of people not >>>using them, I don't think it's a problem. >> >>I think I would prefer to use a separate package (not integrated with >>the base package), so that the policy can be turned on and off by simply >>installing/uninstalling the -selinux package. > > > Bear in mind that there should be a crossfire_disable_trans boolean that > would turn off the policy (or rather the transition to crossfire_t) when > set, without having to uninstall the policy. Is it enough to add the boolean to crossfire.te, or do I need to add anything in the .if file as well? type crossfire_t; type crossfire_exec_t; domain_type(crossfire_t) init_daemon_domain(crossfire_t, crossfire_exec_t) bool crossfire_disable_trans; --Mike -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
