On 06/16/2009 08:32 AM, Daniel J Walsh wrote:
Unconfined processes tend to stay unconfined. That is what users expect; telling them that they are executing an unconfined process that suddenly becomes confined seems wrong to them. That being said, you can end up with mislabeled files because of this. So

    unconfined_t -> squid_exec_t -> unconfined_t

But unconfined processes starting init scripts have a transition

    unconfined_t -> initrc_exec_t -> initrc_t -> squid_exec_t -> squid_t

So any time you are using a confined process you should use the init script to start them, otherwise you could get mislabeled files.
I also just wrote a blog on this. http://danwalsh.livejournal.com/29041.html
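As an added example that is not part of the original message: a check that reads `ps -eZ` output and reports daemons running outside the domain they are expected to run in, which is how a squid started by hand from an unconfined shell shows up. The function names `check_domains` and `sample_ps` and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Report daemons whose running domain differs from the expected one.
# stdin: `ps -eZ` output (columns: LABEL PID TTY TIME CMD)
# args:  command=expected_domain pairs, e.g. squid=squid_t
check_domains() {
    awk -v pairs="$*" '
        BEGIN {
            n = split(pairs, p, " ")
            for (i = 1; i <= n; i++) {
                split(p[i], kv, "=")
                want[kv[1]] = kv[2]
            }
        }
        NR == 1 && $1 == "LABEL" { next }   # skip the header row
        {
            split($1, ctx, ":")             # user:role:type:level
            cmd = $NF
            if ((cmd in want) && ctx[3] != want[cmd])
                printf "%s pid=%s domain=%s expected=%s\n", cmd, $2, ctx[3], want[cmd]
        }
    '
}

# Constructed sample: one squid started through the init script (squid_t)
# and one started directly from an unconfined shell (stays unconfined_t).
sample_ps() {
    cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:01 init
system_u:system_r:squid_t:s0     2210 ?        00:00:00 squid
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3017 pts/0 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3102 ?  00:00:00 squid
EOF
}

# On a live system: ps -eZ | check_domains squid=squid_t
sample_ps | check_domains squid=squid_t
```

Files created by a process flagged this way are the ones to inspect with `ls -Z` for wrong labels.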