From: rfkrocktk@gmail.com (Naftuli Kay) Date: Mon, 21 Nov 2016 09:32:40 -0800 Subject: [refpolicy] how to inherit unconfined_service_t In-Reply-To: <4c6f0295-11e3-1220-f319-98ca679487f6@gmail.com> References: <4c6f0295-11e3-1220-f319-98ca679487f6@gmail.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com IIRC unconfined_service_t is a special exception to the general rule. Macros have been used in the reference policy to grant every possible privilege to this type. There may be an attribute that you can use which accomplishes the same thing. Please dig around and find out what attributes that unconfined_service_t has associated with it. Thanks, - Naftuli Kay On Mon, Nov 21, 2016 at 9:23 AM, mm via refpolicy wrote: > Hi all, > > I would need to define a domain bar_t which should inherit all access > rights of unconfined_service_t. > I know I can use unconfined_domain() to inherit the rules of unconfined_t. > The fact is that (at least on Fedora 24) service processes appear to run > by default as unconfined_service_t. > my process /sbin/bar (which is not selinux aware) runs fine with this > default context, but I would need to define its own domain bar_t. > Hence the question of how to inherit the rules of unconfined_service_t. > > Thanks in advance, > M. Manfredini > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy