Security context of shared libraries

Hi all,

I have an executable started by /bin/foo which runs confined within the context foo_t. The process loads (actually does LD_PRELOAD) bar.so which needs to access resources outside foo_t (actually unconfined_t).

I can allow access to such resources from foo_t, but I would like to allow such access only for code running within bar.so, instead of the whole process.

I have been looking in the docs, but I could not find if it is possible to specify a source context for shared libraries, instead of whole processes. My idea would be to define a context bar_t for code running within bar.so, and allow the required access (to unconfined_t) from bar_t, without extending access for foo_t.

Makes sense? Is it possible?

Thanks in advance,
M. Manfredini
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx


