selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: RE: Security Context Type Changes

RE: Security Context Type Changes

From: Stephen Smalley <sds_at_nospam>
Date: Wed Jan 20 2010 - 17:36:31 GMT
To: "Tomas, Gregg A (IS)" <Gregg.Tomas@ngc.com>


On Wed, 2010-01-20 at 10:50 -0600, Tomas, Gregg A (IS) wrote:
> Stephen,
>
> That is correct, we are not executing anything that would set up a user
> context. Nothing in our code or our policy would change the context. In
> RHEL4, root and any other users have a security context type of
> unconfined_t so we would it expect it to be the same on RHEL5 but they
> are init_t. Perhaps, something changed with RHEL5 release that I need to
> research.

Normally it is programs such as login (non-graphical console login), gdm (graphical console login), or sshd (remote login) that set up the security context for a user session. If you were executing your script directly from /etc/inittab under RHEL4, you should have had the same end result - it would stay in init_t until/unless it executed a program for which a domain transition was defined or a program that explicitly set a context. Possibly you were labeling your script or fvwm with a type and defining a domain transition on RHEL4? -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.