|Main Archive Page > Month Archives > selinux archives|
On Wed, 2010-01-20 at 10:50 -0600, Tomas, Gregg A (IS) wrote:
> That is correct, we are not executing anything that would set up a user
> context. Nothing in our code or our policy would change the context. In
> RHEL4, root and any other users have a security context type of
> unconfined_t so we would it expect it to be the same on RHEL5 but they
> are init_t. Perhaps, something changed with RHEL5 release that I need to
Normally it is programs such as login (non-graphical console login), gdm (graphical console login), or sshd (remote login) that set up the security context for a user session. If you were executing your script directly from /etc/inittab under RHEL4, you should have had the same end result - it would stay in init_t until/unless it executed a program for which a domain transition was defined or a program that explicitly set a context. Possibly you were labeling your script or fvwm with a type and defining a domain transition on RHEL4? -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to firstname.lastname@example.org with the words "unsubscribe selinux" without quotes as the message.