On Sun, 2005-01-09 at 01:20 -0500, Valdis.Kletnieks(a)vt.edu wrote:
> I notice yours is flagged as 'unconfined_t', which smells a lot like running
> the targeted policy. The design point for that policy is "constrain certain
> daemons, but assume that users are in general trusted and know what they're
> doing".
> As such, it's assuming that if you're loading the policy from a chroot that
> you know what you're doing and should be allowed to do so. If that doesn't
> describe how you want things to work, maybe you should be running 'strict'
> instead of 'targeted'?

I actually like the flexibility of targeted and I tried strict yesterday
and it causes my system to hang. When I do get the chance I will play
around with strict though.

Bob
--
Bob Kashani
http://www.ocf.berkeley.edu/~bobk/garnome