-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Maybe the solution here is to add logging messages to the function. My opionion is that if something is wrong with SELinux, IE The labels are wrong, the policy is wrong or the app is wrong, we should not block in permissive mode. Having the tool write "foobar_t is not a valid source context" would be better then what we have now, which is a silent denial even in permissive mode. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJueKwACgkQrlYvE4MpobNU6wCeKWF79vOSxUH0PKDiuo64DbY/ EwgAoKjSD2BMe6KHIv2Smvkxwh/Ta02r =6Agn -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
