On Wed, 2008-11-05 at 16:52 +1000, Murray McAllister wrote: > > In certain situations, the tcontext may match the scontext, such as when > a Linux user is confined and SELinux policy prevents them from > performing an action, for example, running a setuid application. Not in love with that example, no explicit "run suid" permission (as sds recently corrected me) In certain situations, the tcontext may match the scontext, such as when a process tries to use more resources, eg. memory usage, open file descriptors, or things like that, than normal limits allow. This will cause a security check to see if the process is allow to violate the limits. This check is done with with tcontext == scontext. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
