Hi,

I’m pretty sure my questions are basic SELinux 101 but I’m having a problem confining an application when a user runs the application directly. On our system I have removed the unconfined domain and unconfined user. When the system initializes the confined applications run in the correct confined domains. However, if I use ssh to access the server, stop an application, and then start the application again, the application will run with the label sshd_t. I haven’t tried starting a confined application from a local console but I’ll probably encounter a similar problem.

How should I modify the policy to allow a confined user to execute an application but also have the application run in the application’s confined domain?

Kim