On Wed, Oct 29, 2014 at 4:34 PM, Steve Lawrence <slawrence@xxxxxxxxxx> wrote: > The fifth release candidate for the next release of SELinux Userspace > [1] is now available. The tarballs have been built and can be downloaded > from the Releases wiki page [2]. Changes since rc4 include: [...] > Please give this a test and let us know if you find any problems. Hi Steve I notice a regression that I can't quite place yet. I am running with a policy that does not have the unconfined module loaded (so a strict environment). In the past (same policy, 2.3 utilities) that also prevented those "unconfined domains" to get their privileges. For instance, initrc_t does not have the files_unconfined_type assigned to it. With the 2.4 series, this attribute is assigned to the domain. I *think* that it is ignoring the gen_require(`type unconfined_t') that is in unconfined_domain_noaudit() in the sense that the rules that do not use unconfined_t are now loaded as well. In the past, this would ignore the entire block. Wkr, Sven Vermeulen _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
