On Sat, 2008-12-27 at 12:01 +0100, domg472 g472 wrote: > A (executable) file is an "entrypoint" for domain transition. > > source domain -> executable files type -> target domain > > but domain transition is not default behaviour. Remember SELinux is > least privilege > > 1. deny access ( default ) > 2. run the executable file in the source domain (can_exec(source > domain, executable files type) > 3. Transition from a source domain to a target domain though a > executable files type ( domain_auto_trans(source domain, executable > files type, target domain) > > the unconfined domain is designed to NOT transition. unconfined_t is > not targeted, in other words it is (for the most part) exempted from > SELinux. How do you check if an entrypoint exists? Via security_check_context()? I couldn't find any other function which could do the job. Or in general how would you do it programmatically? What set of functions do you recommend? cheers, Stefan -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
