hi, as I was studying on how to assign different security context on threads defined in a process, I found that there is a concept named BOUNDS DOMAIN which does this for me. now I would like to know for implementing a userspace object manager that uses this mechanism for its threads, how requests for OS resources are protected. that is, if my single OS process changes its security context per thread request or I should consult AVC before any action taken by my threads if that action is legal. is there any documentation on this topic? Best Regards. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
