Hi, As a learning exercise I created a simple policy to sandbox a simple program in its own domain. I had to add rules to the policy to allow the program to be executed from unconfined_t. Is this normal? My understanding was that a process in unconfined_t was subject only to DAC so why did I have to add this rule? What does unconfined_t actually mean? Thanks. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
