2016-11-21 17:23:45

by mm19827

Subject: [refpolicy] how to inherit unconfined_service_t

Hi all,

I would need to define a domain bar_t which should inherit all access
rights of unconfined_service_t.
I know I can use unconfined_domain() to inherit the rules of unconfined_t.
The fact is that (at least on Fedora 24) service processes appear to run
by default as unconfined_service_t.
My process /sbin/bar (which is not SELinux aware) runs fine with this
default context, but I would need to define its own domain bar_t.
Hence the question of how to inherit the rules of unconfined_service_t.

Thanks in advance,
M. Manfredini


2016-11-21 17:32:40

by rfkrocktk

Subject: [refpolicy] how to inherit unconfined_service_t

IIRC unconfined_service_t is a special exception to the general rule.
Macros have been used in the reference policy to grant every possible
privilege to this type. There may be an attribute that you can use
which accomplishes the same thing. Please dig around and find out what
attributes that unconfined_service_t has associated with it.

Thanks,
- Naftuli Kay


On Mon, Nov 21, 2016 at 9:23 AM, mm via refpolicy
<[email protected]> wrote:
> Hi all,
>
> I would need to define a domain bar_t which should inherit all access
> rights of unconfined_service_t.
> I know I can use unconfined_domain() to inherit the rules of unconfined_t.
> The fact is that (at least on Fedora 24) service processes appear to run
> by default as unconfined_service_t.
> My process /sbin/bar (which is not SELinux aware) runs fine with this
> default context, but I would need to define its own domain bar_t.
> Hence the question of how to inherit the rules of unconfined_service_t.
>
> Thanks in advance,
> M. Manfredini
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
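
One way to act on the suggestion above, as an added example that is not policy from the thread or from the reference policy itself: a module that gives /sbin/bar its own domain and grants it the unconfined_domain() macro the question mentions. The names bar_exec_t and the module name bar are hypothetical, and the thread does not confirm that unconfined_domain() matches everything unconfined_service_t has, so the comments include the seinfo/sesearch checks for comparing the two.

```te
# bar.te: added example, not policy from the thread.
policy_module(bar, 1.0.0)

# Process domain and entry-point type.
# bar_exec_t is a hypothetical name chosen for this example.
type bar_t;
type bar_exec_t;

# Mark bar_t as a daemon domain and have init transition into it
# when it executes a file labelled bar_exec_t.
init_daemon_domain(bar_t, bar_exec_t)

# Assumption: the access unconfined_service_t has is what the
# unconfined_domain() macro grants. Wrapped in optional_policy so the
# module still loads if the unconfined module is absent.
optional_policy(`
	unconfined_domain(bar_t)
')

# bar.fc (separate file). Assumes /sbin is a symlink to /usr/sbin,
# as on Fedora, so the spec is written against the real path:
#
#   /usr/sbin/bar	--	gen_context(system_u:object_r:bar_exec_t,s0)
#
# Build, install and relabel:
#
#   make -f /usr/share/selinux/devel/Makefile bar.pp
#   semodule -i bar.pp
#   restorecon -v /usr/sbin/bar
#
# List the attributes attached to each type and compare them:
#
#   seinfo -t unconfined_service_t -x
#   seinfo -t bar_t -x
#
# Compare the allow rules for both source types:
#
#   sesearch -A -s unconfined_service_t
#   sesearch -A -s bar_t
```

A domain granted unconfined_domain() is not restricted by type enforcement; what the separate bar_t type adds is a distinct label that shows up in audit records and can be tightened later.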