fedora-selinux December 2007 archive

Re: [Question] How enforcing and permissive differ on start-up

From: Stephen Smalley <sds_at_nospam>
Date: Mon Dec 10 2007 - 14:31:34 GMT
To: Shintaro Fujiwara <shintaro.fujiwara@gmail.com>


On Sat, 2007-12-08 at 22:47 +0900, Shintaro Fujiwara wrote:
> Hi, I have a question on differences between permissive and enforcing.
>
> I installed courier-imap from source (as always), and configured
> courier.te, courier.fc just to apply installation-path to source installation.
>
> There are two say, daemons, courier_$1_t, i.e. courier_authdaemon_t,
> and I had to declare
> domain_auto_trans(initrc_t, courier_exec_t, courier_t)
> (courier_t was not declared in courier.te, so I did)
> as I declared starting script in /etc/rc.d/rc.local.
>
> I set selinux enforcing and found that courier_authdaemon_t started all right,
> but courier_t not.
> When I set selinux permissive, it started all right.
>
> How should I fix this problem?

Just to clarify, there is a difference between permissive and enforcing with regard to type transitions. In permissive, if the type transition would yield an invalid context (e.g. role is not authorized for the new type), it nonetheless is allowed to proceed, whereas in enforcing mode, it fails.

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
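
A simplified model of the behaviour described in the reply above, added here as an example (it is not code from the thread or from the SELinux project). It checks only the role-to-type authorization that the reply gives as its example; the sample policy, the `system_r` role and the missing `role` statement for `courier_t` are constructed assumptions, not a diagnosis of the original poster's system, and the function names are hypothetical.

```python
import re

# Constructed sample policy (not from the thread). The role statement for
# courier_t is deliberately absent: an assumed cause, used only to illustrate.
SAMPLE_POLICY = """
role system_r types initrc_t;
role system_r types courier_authdaemon_t;
domain_auto_trans(initrc_t, courier_authdaemon_exec_t, courier_authdaemon_t)
domain_auto_trans(initrc_t, courier_exec_t, courier_t)
"""

def parse_policy(text):
    """Collect role->types authorizations and (source, exec type)->new type rules."""
    role_types, transitions = {}, {}
    for m in re.finditer(r"\brole\s+(\w+)\s+types\s+\{?([\w\s]+)\}?\s*;", text):
        role_types.setdefault(m.group(1), set()).update(m.group(2).split())
    for m in re.finditer(
            r"domain_auto_trans\(\s*(\w+)\s*,\s*(\w+)\s*,\s*(\w+)\s*\)", text):
        transitions[(m.group(1), m.group(2))] = m.group(3)
    return role_types, transitions

def exec_transition(policy, context, exec_type, enforcing):
    """Return (resulting context or None, note) for an exec from `context`."""
    role_types, transitions = policy
    user, role, src_type = context.split(":")[:3]
    # Without a matching rule the process stays in its current type.
    new_type = transitions.get((src_type, exec_type), src_type)
    new_context = f"{user}:{role}:{new_type}"
    if new_type in role_types.get(role, set()):
        return new_context, "valid"
    if enforcing:
        # Enforcing: an invalid resulting context makes the transition fail.
        return None, f"invalid context {new_context}: transition fails"
    # Permissive: the invalid context is allowed to proceed.
    return new_context, f"invalid context {new_context}: allowed in permissive"

if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    start = "system_u:system_r:initrc_t"
    for exec_type in ("courier_authdaemon_exec_t", "courier_exec_t"):
        for enforcing in (True, False):
            mode = "enforcing" if enforcing else "permissive"
            print(exec_type, mode, exec_transition(policy, start, exec_type, enforcing))
```

In this model, adding `role system_r types courier_t;` to the sample policy makes both modes return the same valid context.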