On Thu, Feb 19, 2015 at 11:46:18AM PST, Stephen Smalley spake thusly: > Domains with those attributes can override the corresponding MCS > constraint. Depending on version, seinfo --constrain will dump the > actual constraints for you. In any event, I suspect you need to assign > the mcsuntrustedproc attribute to your web application domains if you > want them to be constrained by MCS at all, plus you'd need to run them > with specific category sets. How do I assign mcsuntrustedproc attribute to my web application domain? I know how to set booleans, categories, etc. but have not yet encountered needing to set an attribute for a domain. Google for "set selinux attribute" turns up stuff about setting user, role, type etc. as attributes but nothing about setting attributes such as mcsuntrustedproc. -- Tracy Reed
Attachment:
pgpqSyHhPZZc7.pgp
Description: PGP signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
