[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Starting applications from initrc in a user's context?

To: Russell Coker <russell@xxxxxxxxxxxx>
Subject: Re: Starting applications from initrc in a user's context?
From: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Date: Wed, 12 Jan 2005 11:54:14 -0500
Cc: mike@xxxxxxxxxxxxxxx, SElinux <SELinux@xxxxxxxxxxxxx>
In-reply-to: <200501042103.15885.russell@xxxxxxxxxxxx>
Organization: National Security Agency
References: <41CAE132.3020504@xxxxxxxxxxxxxxx> <200501042103.15885.russell@xxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Tue, 2005-01-04 at 05:03, Russell Coker wrote:
> Allowing the role to be changed requires adding privrole to the attributes of 
> domain initrc_t.  In that case either the identity system_u must be permitted 
> to have the role user1_r or initrc_t also needs the privuser attribute so it 
> can launch a process with a different identity.

Role changes also require a role allow rule, e.g.
allow foo_r bar_r;

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: Starting applications from initrc in a user's context?
  - From: Russell Coker

References:
- Re: Starting applications from initrc in a user's context?
  - From: Russell Coker

Prev by Date: Re: transition denied
Next by Date: Re: SELinux with IPSec - something going on ?
Previous by thread: Re: Starting applications from initrc in a user's context?
Next by thread: Re: Starting applications from initrc in a user's context?
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.