Thanks for the nice explanation Lukas!! Following your example, with the following allow rules, If a daemon D1 gets compromised, since it can transition to U1 domain, it would be able to modify the config files of daemon D2, is this correct?
D1.te
allow U1 C1:file {read append write};
D2.te
allow U1 C2:file {read append write};
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
