On 11/01/2016 07:50 AM, Daniel J Walsh wrote: > I wrote a blog http://danwalsh.livejournal.com/75282.html which talks > about chrome sandbox and its attempt to change its parents oom_score_adj > value. Which is labeled unconfined_t, the question has come up on > Twitter to be able to change the label on just this object. > > I think we discussed this before, but how difficult would it be to > change individual file labels under /proc/self/? Technically feasible, already on the kernel todo list, https://github.com/SELinuxProject/selinux/wiki/Kernel-Todo However, I agree with Dominick here - the parent shouldn't run in unconfined_t in the first place. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
