On Sat, 2011-04-30 at 11:48 +0100, David Howells wrote:
> Of course, this may not apply to scripts, since we don't normally allow those
> to effect SUID/SGID transitions. Should set-security-label transitions be
> ignored on scripts too (which I think was one of the points Casey was talking
> about)? Should the script interpreter simply reset the credentials to those
> of the current user?

The kernel should allow set-security-label transitions on scripts; SELinux makes use of such transitions particularly for system initialization, where the caller is already at least as trusted as the callee.

--
Stephen Smalley
National Security Agency