Hi,

I'm quite a newbie to SELinux. Up to now, I've installed the system and I've looked at the configuration files. As a first test, I've tried to configure an application called HTTPServer using its own type (domain) and its own file type.

The application is called HTTPServer (compiled from serv.c, which is attached to this message). This application is located in /bin. A type for the file of the executable has been created (HTTPServer.fc, located in policy/file_contexts/program/ and attached to this message). A type (domain) for the process has also been created (HTTPServer.te, located in policy/domains/program, also attached to this message).

When using the sysadm_r role, starting HTTPServer, and checking the process with ps --context, the domain of the process is "HTTPServer_t". So everything looks normal.

But when using the user_r role, starting HTTPServer, and checking the process with ps --context, the domain of the process is "user_t".

The goal was to allow the execution of HTTPServer to the sysadm_r and not to user_r. A couple of things (e.g. commenting transition rules) to block the transition from HTTPServer_t to user_t were tried without success.

Would you have any helpful recommendation or resource?

Thank you and regards,

Eric Gingras
Eric.Gingrasat_private
This archive was generated by hypermail 2b30 : Thu Aug 29 2002 - 08:49:39 PDT