I read the article from http://magazine.redhat.com/2008/07/02/writing-policy-for-confined-selinux-users/ and I recently installed setools to (hopefully) understand more about SELinux.

In the article, it is shown (and I tried) that the xguest_t role cannot communicate using AOL. The xguest_t can launch pidgin in /usr/bin/ though. AOL uses port 5190, and that port has the 'aol_port_t' type. So I created the new policy rule as per the tutorial, and now my xguest_t can use pidgin and talk on AOL.

If I were to use 'apol' to understand the changes made by the new policy change, how should I do it? I tried to do a 'domain transition analysis', starting from the xguest_t type, to see how many ways xguest_t can transit to the aol_port_t type, and tried to compare the 'before' and 'after' policy addition. But I could not tell any difference.

So I guess my question is more about how to use 'apol' to obtain meaningful information such as this. I cannot help but feel overwhelmed using apol because there are so many options and so much information coming back at me.

Thank you.