On Mon, 2014-07-07 at 16:24 +0200, Dominick Grift wrote: > On Mon, 2014-07-07 at 10:00 -0400, Steve Lawrence wrote: > > > I can't reproduce the problem with my test policies. The typechange > > statements look like they are correctly inserted into the binary and I > > am seeing the expected type changes at runtime. > > > > Is this with your monogam policy? > > > > No, that one is no longer maintained. > > It is this very small base policy: > > https://github.com/doverride/e145 > Note though, with that version, that there is no type_change rule from devpts_t to device_session_pts_t currently (so if you were to test this with sshd then it would be lacking the type change rule) Either insert that type_change rule manually or test it with the (local) login program since there is a type_change session_t device_tty_t:chr_file device_session_tty_t rule present. There is also a conditional type change rule for console_device_t to device_session_tty_t. I cannot imagine me having overlooked anything. Since there are only two domains (system_t and session_t), and both are virtually unconfined. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
