On 04/18/2017 01:15 AM, Dominick Grift wrote:
acme_nss_t needs to be associate with "can_change_object_identity" to be able to change the object identity from system_u to unconfined_u typeattribute acme_nss_t can_change_object_identity; or the appropriate macro: domain_obj_id_change_exemption(acme_nss_t)
Excellent, thank you!
But there is no need to change the object identity in the first place, system_u will do fine.
I'll have to think about this. I'm actually copying a directory tree from one place to another and copying the context from the source to destination with getfilecon() and setfilecon(). What APIs should I use if I *only* wanted to copy the type? -- ======================================================================== Ian Pilcher arequipeno@xxxxxxxxx -------- "I grew up before Mark Zuckerberg invented friendship" -------- ======================================================================== _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
