On 12/23/2010 03:50 AM, Dominick Grift wrote:
> On 12/22/2010 11:07 PM, Jorge Fábregas wrote:
>> Hi,
>
>> I was using sesearch to verify the allow rule for sshd and how it transitions
>> to unconfined_t:
>
>> # sesearch --allow -s sshd_t -c process -p transition
>> Found 12 semantic av rules:
>>    allow sshd_t oddjob_mkhomedir_t : process transition ;
>>    allow domain abrt_helper_t : process transition ;
>>    allow sshd_t chkpwd_t : process transition ;
>>    allow sshd_t passwd_t : process transition ;
>>    allow sshd_t updpwd_t : process transition ;
>>    allow sshd_t mount_t : process transition ;
>>    allow sshd_t rssh_t : process transition ;
>>    allow sshd_t xauth_t : process transition ;
>>    allow sshd_t nx_server_t : process transition ;
>>    allow sshd_t unpriv_userdomain : process { transition signal } ;
>>    allow polydomain setfiles_t : process transition ;
>>    allow unconfined_login_domain unconfined_t : process transition ;
>
>> I see it transitions to unconfined_t by means of "unconfined_login_domain", which
>> I guess is a type alias.  How can I list all types that have
>
> It is an attribute actually, I believe
>
>> "unconfined_login_domain" as an alias? Is there a way to do this with
>> sesearch or without having the policy source installed?
>
> seinfo -x -aunconfined_login_domain
>
> lists all types that have the unconfined_login_domain attribute assigned
> to it.
>
>> Thanks,
>> Jorge
>> --
>> selinux mailing list
>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/selinux

sshd_t is not allowed to transition to unconfined_t by this rule.
It is allowed to transition via the rule:

allow sshd_t unpriv_userdomain : process { transition signal } ;

   unpriv_userdomain
      git_shell_t
      unconfined_mount_t
      xguest_openoffice_t
      user_openoffice_t
      user_java_t
      user_mono_t
      user_wine_t
      staff_java_t
      staff_mono_t
      staff_wine_t
      staff_execmem_t
      user_execmem_t
      unconfined_notrans_t
      unconfined_execmem_t
      unconfined_java_t
      unconfined_mono_t
      xguest_t
      guest_t
      staff_t
      user_t
      xguest_java_t
      xguest_mono_t
      unconfined_t
      staff_openoffice_t
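The attribute expansion used in the reply above, as an added example that is not part of the original thread: it takes the quoted sesearch rules and the unpriv_userdomain member list, and separates rules that demonstrably grant a transition from rules whose attribute membership still has to be checked with seinfo. The helper names `covers` and `explain` are hypothetical, the input is constructed from the output quoted in the thread, and the code assumes that names ending in `_t` are types and everything else is an attribute.

```python
import re

# Constructed input: the sesearch rules and seinfo members quoted in the thread.
SESEARCH = """\
allow sshd_t oddjob_mkhomedir_t : process transition ;
allow domain abrt_helper_t : process transition ;
allow sshd_t chkpwd_t : process transition ;
allow sshd_t passwd_t : process transition ;
allow sshd_t updpwd_t : process transition ;
allow sshd_t mount_t : process transition ;
allow sshd_t rssh_t : process transition ;
allow sshd_t xauth_t : process transition ;
allow sshd_t nx_server_t : process transition ;
allow sshd_t unpriv_userdomain : process { transition signal } ;
allow polydomain setfiles_t : process transition ;
allow unconfined_login_domain unconfined_t : process transition ;
"""
ATTRS = {"unpriv_userdomain": set("""
    git_shell_t unconfined_mount_t xguest_openoffice_t user_openoffice_t
    user_java_t user_mono_t user_wine_t staff_java_t staff_mono_t staff_wine_t
    staff_execmem_t user_execmem_t unconfined_notrans_t unconfined_execmem_t
    unconfined_java_t unconfined_mono_t xguest_t guest_t staff_t user_t
    xguest_java_t xguest_mono_t unconfined_t staff_openoffice_t""".split())}
RULE = re.compile(r"allow (\S+) (\S+) : \S+ (?:\{ ([^}]*)\}|(\S+)) ;")

def covers(name, wanted, attrs):
    """True/False when decidable; None for an attribute with unknown members."""
    if name == wanted:
        return True
    if name in attrs:
        return wanted in attrs[name]
    # Assumption: names ending in _t are types, anything else is an attribute.
    return False if name.endswith("_t") else None

def explain(source, target, perm="transition", attrs=ATTRS, text=SESEARCH):
    """Return (rules that grant perm, rules needing a seinfo -x -a<attr> check)."""
    granted, unresolved = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE.fullmatch(line)
        if not m or perm not in (m.group(3) or m.group(4)).split():
            continue
        hits = (covers(m.group(1), source, attrs), covers(m.group(2), target, attrs))
        if hits == (True, True):
            granted.append(line)
        elif False not in hits:
            unresolved.append(line)
    return granted, unresolved
```

A rule in the second list is settled by passing the members reported by `seinfo -x -a<attribute>` in `attrs`.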