-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/11/2010 12:10 PM, Xavier Toth wrote: > I'm a bit confused about something. mcstransd creates a socket and > through a transition rule it get labeled setrans_var_run_t (this is > also the type used with mls_trusted_object in the setrans policy) > however when other apps try and connect to it the target context type > is setrans_t which of course isn't trusted so no one can connect. As > an experiment I added setrans_t as a mls trusted object and then other > apps could connect. Not sure where the target context comes from on > connectto because the socket file is label setrans_var_run_t on the > disk. Something needs fixing just not sure what. Doesn't seem right to > add 'mls_trusted_object(setrans_t)'. > > Ted > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > > Since connectto has a constraint on it, I think we need to add this also? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEUEARECAAYFAkvpo7gACgkQrlYvE4MpobOuugCYo2aC2+irPvhnzmLDzKwIfdQN MQCfd+sRrhhUQKVrb8WQZ72CEaRAcHs= =I0Lq -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
