-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/22/2010 11:07 PM, Jorge Fábregas wrote:
> Hi,
>
> I was using sesearch to verify the allow rule for sshd and how it transitions
> to unconfined_t:
>
> # sesearch --allow -s sshd_t -c process -p transition
> Found 12 semantic av rules:
> allow sshd_t oddjob_mkhomedir_t : process transition ;
> allow domain abrt_helper_t : process transition ;
> allow sshd_t chkpwd_t : process transition ;
> allow sshd_t passwd_t : process transition ;
> allow sshd_t updpwd_t : process transition ;
> allow sshd_t mount_t : process transition ;
> allow sshd_t rssh_t : process transition ;
> allow sshd_t xauth_t : process transition ;
> allow sshd_t nx_server_t : process transition ;
> allow sshd_t unpriv_userdomain : process { transition signal } ;
> allow polydomain setfiles_t : process transition ;
> allow unconfined_login_domain unconfined_t : process transition ;
>
> I see it transitions to unconfined_t by means of "unconfined_login_domain" that
> I guess it's a type alias. How can I list all types that have
It is an attribute actually i believe
> "uncofnined_login_domain" as an alias? Is there a way to do this with
> sesearch or without having the policy source installed?
seinfo -x -aunconfined_login_domain
lists all types that have the unconfined_login_domain attribute assigned
to it.
> Thanks,
> Jorge
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk0TDU4ACgkQMlxVo39jgT/3+QCgyaYgs0MNxoAvyqc7F/K+yQip
c4kAn0vp9nukLpgjZptFiSc+UPELBAW0
=KBhE
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
