On Mon, Jun 22, 2015 at 06:07:20PM +0200, Miroslav Grepl wrote:
>
> In Fedora, we have unconfined_service_t domain for unconfined services
> started by init. So there is init_t @bin_t -> unconfined_service_t and
> we get op=security_bounded_transition for init_t against
> unconfined_service_t. But of course it is not going to work with
>
> typebounds init_t unconfined_service_t;
>
> because there is
>
> # <audit-1401> op=security_compute_av reason=bounds
> scontext=system_u:system_r:unconfined_service_t:s0
> tcontext=system_u:object_r:bin_t:s0 tclass=file perms=entrypoint
>
> So this logic breaks our concept with unconfined_service_t.
>

What is running in the unconfined_service_t domain in that event?

> --
> Miroslav Grepl
> Senior Software Engineer, SELinux Solutions
> Red Hat, Inc.
> _______________________________________________
> Selinux mailing list
> Selinux@xxxxxxxxxxxxx
> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
> To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.

--
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift
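
Added example, not part of the original message or of Fedora policy: a simplified Python model of the source-side typebounds check discussed above, run over constructed allow rules, showing why `typebounds init_t unconfined_service_t;` leaves `entrypoint` on `bin_t` masked. The rule set and all function names are assumptions made for illustration.

```python
# Simplified model of the SELinux typebounds check (source-type side only).
from collections import defaultdict

# Constructed allow rules for illustration; not taken from Fedora policy.
CONSTRUCTED_RULES = [
    ("init_t", "bin_t", "file", {"read", "getattr", "execute"}),
    ("unconfined_service_t", "bin_t", "file",
     {"read", "getattr", "execute", "entrypoint"}),
]

def build_avtab(rules):
    """Merge (source, target, tclass, perms) rules into a lookup table."""
    avtab = defaultdict(set)
    for source, target, tclass, perms in rules:
        avtab[(source, target, tclass)] |= set(perms)
    return dict(avtab)

def bounds_violations(avtab, parent, child):
    """Return {(target, tclass): perms} the child holds but the parent lacks.

    With `typebounds parent child;` these permissions are masked when the
    access vector is computed and logged with reason=bounds.
    """
    violations = {}
    for (source, target, tclass), perms in avtab.items():
        if source != child:
            continue
        excess = perms - avtab.get((parent, target, tclass), set())
        if excess:
            violations[(target, tclass)] = excess
    return violations

def describe(child, violations):
    """Render each violation as a summary line (field names are this example's own)."""
    return [
        f"reason=bounds stype={child} ttype={target} tclass={tclass} "
        f"perms={','.join(sorted(perms))}"
        for (target, tclass), perms in sorted(violations.items())
    ]

if __name__ == "__main__":
    avtab = build_avtab(CONSTRUCTED_RULES)
    found = bounds_violations(avtab, "init_t", "unconfined_service_t")
    print("\n".join(describe("unconfined_service_t", found)))
```

The model covers only the case where the source type is the bounded one; the kernel also applies bounds when the target type is bounded.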