Hello,
when I start sleep(1) as user_t, F11 with the MLS policy does this:
[root@localhost ~]# sesearch --allow -s user_t -t bin_t
Found 3 semantic av rules:
allow user_t bin_t : file { ioctl read getattr lock execute
entrypoint open } ;
...
and this:
[root@localhost ~]# sesearch --allow -s user_t -c process
Found 24 semantic av rules:
...
allow user_t user_t : process { fork transition sigchld sigkill
sigstop signull signal ptrace getsched setsched getsession getpgid
setpgid getcap setcap share getattr setfscreate noatsecure siginh
rlimitinh dyntransition setkeycreate setsockcreate } ;
...
It seems that user_t transitions to itself. Why not use
execute_no_trans, like it is handled in F10 targeted? Has this "style"
any deeper sense?
--
Sebastian Pfaff
PS: No execute_no_trans, look here:
[root@localhost ~]# sesearch --allow -s user_t -t bin_t -p execute_no_trans
[root@localhost ~]# echo $?
0