I'm a bit confused about something. mcstransd creates a socket and through a transition rule it get labeled setrans_var_run_t (this is also the type used with mls_trusted_object in the setrans policy) however when other apps try and connect to it the target context type is setrans_t which of course isn't trusted so no one can connect. As an experiment I added setrans_t as a mls trusted object and then other apps could connect. Not sure where the target context comes from on connectto because the socket file is label setrans_var_run_t on the disk. Something needs fixing just not sure what. Doesn't seem right to add 'mls_trusted_object(setrans_t)'. Ted -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
