On Thu, 27 Mar 2003 00:33, Chris Wright wrote: > > We have just had to change polity to allow the init program greater > > access than it would otherwise require because a kernel thread needed > > more access, which is not desirable. > > Why? The init in reparent_to_init is the initial kernel thread. The > init program is exec'd late in bootup. The exec can easily be a domain > transition for init. What am I missing? See the thread concerning the following message: http://marc.theaimsgroup.com/?l=selinux&m=104852427209286&w=2 It seems that domain transitions aren't possible in this case. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 16:07:42 PST