On 04/01/2015 05:51 PM, W. Michael Petullo wrote: > Is it possible to cause a process to transition to a new domain but only > if it reads a file with a certain label? I am interested in imposing > this by modifying the SELinux policy only, that is, not requiring any > action on the part of the process itself. You could think of this as a > rough analog to HiStar and others' "tainting". > SELinux process transition happens on execve() calling. Not sure what your point is here? -- Miroslav Grepl Software Engineering, SELinux Solutions Red Hat, Inc. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
