selinux January 2010 archive

RE: Security Context Type Changes

From: Stephen Smalley <sds_at_nospam>
Date: Wed Jan 20 2010 - 17:36:31 GMT
To: "Tomas, Gregg A (IS)" <>

On Wed, 2010-01-20 at 10:50 -0600, Tomas, Gregg A (IS) wrote:
> Stephen,
> That is correct, we are not executing anything that would set up a user
> context. Nothing in our code or our policy would change the context. In
> RHEL4, root and any other users have a security context type of
> unconfined_t so we would expect it to be the same on RHEL5 but they
> are init_t. Perhaps, something changed with RHEL5 release that I need to
> research.

Normally it is programs such as login (non-graphical console login), gdm (graphical console login), or sshd (remote login) that set up the security context for a user session. If you were executing your script directly from /etc/inittab under RHEL4, you should have had the same end result - it would stay in init_t until/unless it executed a program for which a domain transition was defined or a program that explicitly set a context. Possibly you were labeling your script or fvwm with a type and defining a domain transition on RHEL4?

-- 
Stephen Smalley
National Security Agency
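An added example, not part of the original message: a shell check for the situation described in the reply above, listing processes that are still in init_t because nothing in their exec chain triggered a domain transition or set a context. The sample process list, its PIDs and the script name startup.sh are constructed for illustration.

```shell
#!/bin/sh
# Report processes that still run in init_t but are not init itself,
# i.e. children of init that never went through a domain transition.
#
# Input: lines of "PID LABEL COMMAND". On a live host this comes from:
#   ps -e -o pid= -o label= -o comm=
# LABEL is user:role:type[:level], so the type is the third ':' field.

untransitioned() {
    awk '
        {
            n = split($2, ctx, ":")
            if (n < 3) next                  # no SELinux label, e.g. "-"
            if (ctx[3] == "init_t" && $3 != "init")
                print $1, $3, ctx[3]
        }'
}

# Constructed sample: a script started from /etc/inittab and the window
# manager it launched both stay in init_t, while sshd and a login shell
# run in their own domains.
sample_ps() {
    cat <<'EOF'
    1 system_u:system_r:init_t:s0 init
 2101 system_u:system_r:init_t:s0 startup.sh
 2140 system_u:system_r:init_t:s0 fvwm
 2307 system_u:system_r:sshd_t:s0-s0:c0.c1023 sshd
 2350 root:system_r:unconfined_t:s0 bash
 2400 - kthread
EOF
}

# Prints one line per process: PID, command, type.
sample_ps | untransitioned
```

Any process this reports was started from init's exec chain without a type_transition rule matching its executable's type and without a login-style program setting the context explicitly.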