2007/12/10, Stephen Smalley <sds@xxxxxxxxxxxxx>: > On Sat, 2007-12-08 at 22:47 +0900, Shintaro Fujiwara wrote: > > Hi, I have a question on differences between permissve and enforcing. > > > > I installed courier-imap from source (as always), and configured > > courier.te, courier.fc just to apply installation-path to souece installation. > > > > There are two say, daemons, courier_$1_t, i.e. courier_authdaemon_t, > > and I had to declair > > domain_auto_trans(initrc_t, courier_exec_t, courier_t) > > (courier_t was not declared in courier.te, so I did) > > as I declared starting script in /etc/rc.d/rc.local. > > > > I set selinux enforcing and found that courier_authdaemon_t started all-right, > > but courier_t not. > > When I set selinux permissive, it started all-right. > > > > How should I fix this problem ? > > Just to clarify, there is a difference between permissive and enforcing > with regard to type transitions. In permissive, if the type transition > would yield an invalid context (e.g. role is not authorized for the new > type), it nonetheless is allowed to proceed, whereas in enforcing mode, > it fails. I had a same kind of problem on cron in F6. I solved it somehow at the time, though. Now I'm trying to configure bind and it does not start up even in permissive. I think something is wrong with the application itself? I will ask again if I have a question on SELinux related matters. Thanks ! > -- > Stephen Smalley > National Security Agency > > -- Shintaro Fujiwara segatex project (SELinux policy tool) http://sourceforge.net/projects/segatex/ Home page http://intrajp.no-ip.com/ Blog http://intrajp.no-ip.com/nucleus/ CMS http://intrajp.no-ip.com/xoops/ Wiki http://intrajp.no-ip.com/pukiwiki/ -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
