On Wed, Mar 25, 2015 at 10:31:41PM +0100, Dominick Grift wrote:
> For the sock *file*, I would argue that indeed the "setfscreatecon" is not
> strictly needed, and that the labeling for this can be taken care of by using
> type transition rules in the security policy as suggested.
>
> However
For the sock *file*, I would argue that indeed the "setfscreatecon" is not
strictly needed, and that the labeling for this can be taken care of by using
type transition rules in the security policy as suggested.
However for the "socket" classes associated with the process type,
"setsockcreate
Lennart Poettering writes:
> On Fri, 06.03.15 13:04, Jan Synáček (jsyna...@redhat.com) wrote:
>
>> Hello,
>>
>> when systemd creates a socket file, it explicitly calls an SELinux
>> procedure to label it. I don't think that is needed, as the kernel does
>> the right thing when the socket is creat
On Fri, 06.03.15 13:04, Jan Synáček (jsyna...@redhat.com) wrote:
> Hello,
>
> when systemd creates a socket file, it explicitly calls an SELinux
> procedure to label it. I don't think that is needed, as the kernel does
> the right thing when the socket is created. Am I missing something? Why
> is
Hello,
when systemd creates a socket file, it explicitly calls an SELinux
procedure to label it. I don't think that is needed, as the kernel does
the right thing when the socket is created. Am I missing something? Why
is the explicit labeling in place?
Cheers,
--
Jan Synacek
Software Engineer, Re