Research
Skip Research Menus
Research MenuSecurity Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links |
SELinux Mailing ListRe: type_transition init_t xxx_exec_t:process xxx_t
From: Stephen Smalley <sds_at_tislabs.com>
Date: Thu, 25 Jul 2002 06:47:31 -0400 (EDT)
On Thu, 25 Jul 2002, Carsten Grohmann wrote:
> in many files is follow rule: These rules are included to cover the case where the SELinux module is dynamically loaded into a running kernel rather than being built-in. Although we don't recommend such usage due to the difficulty in determining the right security attributes for pre-existing processes and objects, the SELinux module does provide some degree of support for it. This is discussed in the module technical report. The type_transition init_t ... rules are needed because the process may have been reparented to init by the time the SELinux module is inserted. If you always intend to use SELinux as a built-in module (recommended), then you can safely remove these type_transition init_t ... rules. Notice that in any case where init truly starts the process, there must be a full domain_auto_trans(init_t, ...) rule to authorize it. Hence, when you see a type_transition init_t ... rule by itself, it is only for the purpose of labeling pre-existing processes when SELinux is dynamically inserted. -- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Thu 25 Jul 2002 - 06:48:55 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |