Stephen wrote: > That looks correct. getsebool init_upstart says what? Off. So, I did "setsebool -P init_upstart=1" Then "getsebool init_upstart" returns "on". So I reboot. Now "getsebool init_upstart" returns "off" again. -----Original Message----- From: Stephen Smalley [mailto:sds@xxxxxxxxxxxxx] Sent: Thursday, February 18, 2010 12:54 PM To: Alan Rouse Cc: 'selinux@xxxxxxxxxxxxx' Subject: RE: SELinux Policy in OpenSUSE 11.2 On Thu, 2010-02-18 at 12:36 -0500, Alan Rouse wrote: > sesearch -C --type -s init_t -t shell_exec_t > > Found 2 semantic te rules: > DF type_transition init_t shell_exec_t : process sysadm_t; [ > init_upstart ] ET type_transition init_t shell_exec_t : process > initrc_t; [ init_upstart ] That looks correct. getsebool init_upstart says what? > -----Original Message----- > From: Stephen Smalley [mailto:sds@xxxxxxxxxxxxx] > Sent: Thursday, February 18, 2010 11:03 AM > To: Alan Rouse > Cc: 'selinux@xxxxxxxxxxxxx' > Subject: RE: SELinux Policy in OpenSUSE 11.2 > > On Wed, 2010-02-17 at 16:48 -0500, Alan Rouse wrote: > > libselinux-2.0.80-5.2.i586 > > libsepol1-2.0.36-2.2.i586 > > libsemanage1-2.0.31-4.1.i586 > > policycoreutils-2.0.62-3.1.i586 > > checkpolicy-2.0.19-2.2.i586 > > Do you also have a setools package? > > If so, run: > sesearch -C --type -s init_t -t shell_exec_t > > -- > Stephen Smalley > National Security Agency > -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
