Re: talking to mcstrans in MLS enforcing on rhel6 beta

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/11/2010 12:10 PM, Xavier Toth wrote:
> I'm a bit confused about something. mcstransd creates a socket and
> through a transition rule it get labeled setrans_var_run_t (this is
> also the type used with mls_trusted_object in the setrans policy)
> however when other apps try and connect to it the target context type
> is setrans_t which of course isn't trusted so no one can connect. As
> an experiment I added setrans_t as a mls trusted object and then other
> apps could connect. Not sure where the target context comes from on
> connectto because the socket file is label setrans_var_run_t on the
> disk. Something needs fixing just not sure what. Doesn't seem right to
> add 'mls_trusted_object(setrans_t)'.
> 
> Ted
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> 
Since connectto has a constraint on it, I think we need to add this also?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEUEARECAAYFAkvpo7gACgkQrlYvE4MpobOuugCYo2aC2+irPvhnzmLDzKwIfdQN
MQCfd+sRrhhUQKVrb8WQZ72CEaRAcHs=
=I0Lq
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux