
RE: Security Context Type Changes

From: Tomas, Gregg A (IS) <Gregg.Tomas_at_nospam>
Date: Wed Jan 20 2010 - 16:50:58 GMT
To: "Stephen Smalley" <>


That is correct, we are not executing anything that would set up a user context. Nothing in our code or our policy would change the context. In RHEL4, root and any other users have a security context type of unconfined_t, so we would expect it to be the same on RHEL5, but they are init_t. Perhaps something changed with the RHEL5 release that I need to research.



-----Original Message-----
From: Stephen Smalley
Sent: Tuesday, January 19, 2010 1:27 PM
To: Tomas, Gregg A (IS)
Subject: RE: Security Context Type Changes

On Tue, 2010-01-19 at 15:15 -0600, Tomas, Gregg A (IS) wrote:
> Stephen,
> I apologize for my lack of promptness, I have been in and out of the
> office. We are in the middle of transitioning from RHEL4 to RHEL5 so
> some of the links may be off. Anyhow, here is our run_xstart.bash

> ========================

> # Start window manager for primary display #
> exec /usr/bin/fvwm -display $DISPLAY1 \
> -cmd "Read /h/ProjectX/config_values/system.fvwmrc"

> ===============

So why would you expect that to transition out of init_t? Unless you've specifically labeled /usr/bin/fvwm with an entrypoint type and defined a type transition on it, you'll just continue in init_t.

You aren't executing anything that would set up a user context, e.g. gdm or friends.

--
Stephen Smalley
National Security Agency
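
The exec-time decision described in the reply above, as an added example that is not part of the original thread: a simplified model of how the resulting domain is chosen when init_t executes the window manager. The policy fragments are constructed, the type names projectx_wm_t and projectx_wm_exec_t are hypothetical, and the assumption that /usr/bin/fvwm carries the generic bin_t label is not stated in the thread.

```python
import re

# Constructed policy fragments (not from the thread). BASE models a policy with
# no rule specific to fvwm; WITH_TRANSITION adds the entrypoint type and the
# type transition mentioned in the reply. projectx_wm_* names are hypothetical.
BASE = """
allow init_t bin_t:file { read getattr execute execute_no_trans };
"""
WITH_TRANSITION = BASE + """
type_transition init_t projectx_wm_exec_t:process projectx_wm_t;
allow init_t projectx_wm_exec_t:file { read getattr execute };
allow init_t projectx_wm_t:process transition;
allow projectx_wm_t projectx_wm_exec_t:file entrypoint;
"""

def parse(policy):
    """Collect type_transition rules and allow rules from policy text."""
    trans, allow = {}, set()
    for m in re.finditer(r"type_transition (\w+) (\w+):process (\w+);", policy):
        trans[(m[1], m[2])] = m[3]
    for m in re.finditer(r"allow (\w+) (\w+):(\w+) (?:\{([^}]*)\}|(\w+));", policy):
        for perm in (m[4] or m[5]).split():
            allow.add((m[1], m[2], m[3], perm))
    return trans, allow

def domain_after_exec(policy, domain, file_type):
    """Return the process type after exec, or None if the exec is denied."""
    trans, allow = parse(policy)

    def ok(src, tgt, cls, perm):
        return (src, tgt, cls, perm) in allow

    if not ok(domain, file_type, "file", "execute"):
        return None
    # Without a matching type_transition rule the default is the caller's domain.
    new = trans.get((domain, file_type), domain)
    if new == domain:
        return domain if ok(domain, file_type, "file", "execute_no_trans") else None
    # A transition needs both the process permission and the entrypoint permission.
    if ok(domain, new, "process", "transition") and ok(new, file_type, "file", "entrypoint"):
        return new
    return None

if __name__ == "__main__":
    print(domain_after_exec(BASE, "init_t", "bin_t"))
    print(domain_after_exec(WITH_TRANSITION, "init_t", "projectx_wm_exec_t"))
```

The model leaves out users, roles, MLS levels and permissive mode; it only shows that the binary's label and a matching rule pair decide whether the process leaves init_t.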