The constraints for MLS can have rules excluding specified types or attributes. We could have an attribute for domins whos unix sockets should be excluded from MLS. It seems to me that the only real benefit to allowing a Unix socket to have a different type to the domain that created it is for a domain that creates multiple sockets with different types. Maybe this would be good for systemd. -- My blog http://etbe.coker.com.au -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
