|Main Archive Page > Month Archives > fedora-selinux archives|
On Sat, 2007-12-08 at 22:47 +0900, Shintaro Fujiwara wrote:
> Hi, I have a question on differences between permissve and enforcing.
> I installed courier-imap from source (as always), and configured
> courier.te, courier.fc just to apply installation-path to souece installation.
> There are two say, daemons, courier_$1_t, i.e. courier_authdaemon_t,
> and I had to declair
> domain_auto_trans(initrc_t, courier_exec_t, courier_t)
> (courier_t was not declared in courier.te, so I did)
> as I declared starting script in /etc/rc.d/rc.local.
> I set selinux enforcing and found that courier_authdaemon_t started all-right,
> but courier_t not.
> When I set selinux permissive, it started all-right.
> How should I fix this problem ?
Just to clarify, there is a difference between permissive and enforcing with regard to type transitions. In permissive, if the type transition would yield an invalid context (e.g. role is not authorized for the new type), it nonetheless is allowed to proceed, whereas in enforcing mode, it fails. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list firstname.lastname@example.org https://www.redhat.com/mailman/listinfo/fedora-selinux-list