On 03/05/2010 08:32 PM, Daniel B. Thurman wrote: > 1) How did the label get set this way in the first place? 1. My bet is that some process created the file whilst the system was in permissive mode. This process does not have a rule defined for this action and defaulted to the default label. 2. It could also be that some daemon that is currently unconfined due to not having policy (fallback to initrc_t) created it. (see if any processes run as initrc_t: ps auxZ | grep initrc_t) 3. Or some user application may have created it. By default users operate in a unconfined user domain. Almost any app that a user executes inherits this unconfined domain and is thus allowed (almost) full access, and be able to create the file there. I may be wrong though because i did not investigate the issue. The big question: What creates the object .index? > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux