[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: example of a domain with transition policy

From: Vadym Chepkov <chepkov yahoo com>
To: Stephen Smalley <sds tycho nsa gov>
Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
Subject: Re: example of a domain with transition policy
Date: Thu, 29 Jan 2009 14:43:24 -0800 (PST)

> I don't think you want an alias (i.e. two names for the
> same domain) but
> rather another domain that is unconfined as well.  Use
> unconfined_domain().

sshd_t is defined this way in Redhat policy, I learn from the masters :)

$ cd /home/vvc/rpmbuild/BUILD/serefpolicy-2.4.6/policy/modules/services
$ grep sshd_t ssh.te |grep domain
        unconfined_alias_domain(sshd_t)
        init_system_domain(sshd_t,sshd_exec_t)

> 
> Interesting question about auditallow; you might need a
> script to
> generate the right set, maybe derived from
> audit2allow/sepolgen innards.
> Watch out though - auditallow'ing everything will flood
> your system with
> too many audit messages.

Exactly, I want to avoid it.

Follow-Ups:
- Re: example of a domain with transition policy
  - From: Stephen Smalley

References:
- Re: example of a domain with transition policy
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]