On 11/1/19 5:48 AM, zer0 0ne wrote:
I am writing SELinux policies for the first time and I need some
clarification
1. I have executable A executes a system() call, spawns a shell and
executes a command ‘B’ and consumes the output of command B. Do I
have to use domain transition in the above case or what is the
correct way to go about it?> 2. In the above case A and B have different SELinux
policies. Since A
executes B, in SELinux policy of A do I need to make type B_t as a
required type?
3. For process A to do domain_transition to B, do I add
b_domain_transition macro in A.if file or in A.te
I believe you can find answers in this blog:
https://danwalsh.livejournal.com/72287.html
Thanks,
Lukas.
TiA
zer0 0ne
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject...
--
Lukas Vrabec
SELinux Evangelist,
Senior Software Engineer, Security Technologies
Red Hat, Inc.