Hi, I'm having a problem with a multithreaded application. It does lengthy initialization in advance under relatively privileged context and then switches to a less privileged one after the moment when the actual request arrives. After that it will create a chrooted container and join all threads to a new SELinux context. However the transition fails with audit message "op=security_bounded_transition result=denied oldcontext=old_context newcontext=new_context". Is there any policy rule that could be used to fix this or is this just not supported? Best regards, Hannu _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
