Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Context transition error
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Fri, 21 Nov 2008 14:59:41 -0500
The domain needs the mcssetcats attribute in order to pass the MCS policy constraints. You can use the mcs_process_set_categories() refpolicy interface if building using the refpolicy infrastructure (i.e. yum install selinux-policy-devel, make -f /usr/share/selinux/devel/Makefile localadmin.pp).
I'm not sure what you are really planning to do though, as:
- obviously your program should not run in sysadm_t,
- The real processing for nfsd is handled by kernel threads, not a
userland process, and thus can change its credentials without going
through permission checks,
You may wish to have a look at the ongoing labeled NFS work: http://selinuxproject.org/page/Labeled_NFS -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Fri 21 Nov 2008 - 15:01:16 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |