Russell Coker <russell@xxxxxxxxxxxx> writes:

> When I boot kernel 4.9.144 (Debian/Stable kernel) with the Debian policy for
> Unstable (which isn't very different to the latest Git refpolicy)
> /usr/sbin/ModemManager and /usr/sbin/mysqld run as init_t.
>
> When I boot the same policy with kernel 4.19.16 (Debian/Testing kernel) those
> daemons run in modemmanager_t and mysqld_t as desired.
>
> What is the difference between those kernels which would explain this? Would
> it be some interaction with systemd? I don't expect anyone to just hand me
> the answer (although that would be really nice), any clues as to where I
> should start investigating this would be great.
>
> The general aim with Debian SE Linux is that you can run the policy with the
> kernel from the previous version of Debian. So this is something I really
> want to fix.

Could it be the nnp_nosuid_transition polcap? Not sure when that was exactly
introduced but that change does affect domain transitions.

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
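
One way to test the hypothesis raised in the reply, as an added example that is not part of the original thread: compare the kernel's `nnp_nosuid_transition` policy capability with the `no_new_privs` flag and SELinux context of the affected daemon. It assumes selinuxfs exposes a `policy_capabilities` directory and that `/proc/PID/status` has a `NoNewPrivs:` line (reported as `unknown` when a kernel lacks it); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (function names are hypothetical). The selinuxfs and procfs
# roots are parameters so the checks also run against a constructed tree.

# polcap_state SELINUXFS NAME -> enabled | disabled | unsupported
# "unsupported" means the running kernel exposes no file for this capability.
polcap_state() {
    f="$1/policy_capabilities/$2"
    [ -r "$f" ] || { echo unsupported; return 0; }
    case "$(cat "$f")" in
        1) echo enabled ;;
        *) echo disabled ;;
    esac
}

# nnp_flag PROCROOT PID -> 1 | 0 | unknown (no NoNewPrivs line in status)
nnp_flag() {
    v=$(awk '$1 == "NoNewPrivs:" { print $2 }' "$1/$2/status" 2>/dev/null) || v=
    echo "${v:-unknown}"
}

# proc_context PROCROOT PID -> SELinux context, trailing NUL stripped
proc_context() {
    { tr -d '\000' < "$1/$2/attr/current"; } 2>/dev/null || true
}

# triage SELINUXFS PROCROOT PID EXPECTED_TYPE
# Flags a process that missed its expected domain while no_new_privs is set
# and nnp_nosuid_transition is not enabled: the case the reply asks about.
triage() {
    cap=$(polcap_state "$1" nnp_nosuid_transition)
    nnp=$(nnp_flag "$2" "$3")
    ctx=$(proc_context "$2" "$3")
    case "$ctx" in
        *":$4:"* | *":$4") echo "ok: $ctx" ;;
        *)
            if [ "$nnp" = 1 ] && [ "$cap" != enabled ]; then
                echo "suspect-nnp: $ctx (no_new_privs=1, polcap $cap)"
            else
                echo "other: $ctx (no_new_privs=$nnp, polcap $cap)"
            fi ;;
    esac
}

# Live use: sh thisfile /sys/fs/selinux /proc <pid> mysqld_t
if [ "$#" -eq 4 ]; then triage "$@"; fi
```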