From: Ivan Gyurdiev <ivg2@cornell.edu>
To: Gaurav Poothia <gpoothia@cs.sunysb.edu>
Cc: SELinux@tycho.nsa.gov
Subject: Re: Newbie questions
Date: Thu, 06 Oct 2005 17:04:28 -0400 [thread overview]
Message-ID: <4345915C.7050305@cornell.edu> (raw)
In-Reply-To: <Pine.GSO.4.53.0510061416520.10856@compserv1>
> Q1. Is the idea here for SELinux to create specialized domains for all
> possible desktop apps (on the server side it seems the plan is to
> eventually confine all daemons)?
I think that's what the plan is/was...whether this is actually possible
remains to be discovered. Desktop apps are very difficult to deal with,
since they tend to be highly complex, and interact in complicated ways.
> If not then any SELinux unaware app on
> exec will run within Mozilla domain if called form within the browser
> (viewers/players/editors)?
>
The app does not have to be SELinux aware - this is done automatically
for the app, based on policy. Applications which do not have a
transition defined in policy from mozilla to a different type continue
to run as mozilla (and usually get lots of denials).
> What about invocation from shell...will it then run within user_t domain?
>
That depends on whether or not transitions are defined from user_t to a
different domain upon executing the application. If no policy has been
written for an application, for example, it would run as user_t (and as
$1_mozilla_t in the case above).
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-10-06 21:04 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-06 18:17 Newbie questions Gaurav Poothia
2005-10-06 21:04 ` Ivan Gyurdiev [this message]
2005-10-06 22:05 ` Luke Kenneth Casson Leighton
-- strict thread matches above, loose matches on Subject: below --
2021-06-18 16:31 Ethy H. Brito
2021-06-18 17:40 ` Jesper Dangaard Brouer
2021-06-18 20:37 ` Ethy H. Brito
2021-06-22 1:28 ` Ethy H. Brito
2021-06-22 9:18 ` Jesper Dangaard Brouer
2015-08-31 0:30 newbie questions Pierre-Louis Bossart
2015-08-31 7:43 ` Johannes Berg
2015-08-31 12:50 ` Pierre-Louis Bossart
2015-08-31 12:54 ` Johannes Berg
2015-08-31 13:21 ` Pierre-Louis Bossart
2015-08-31 13:33 ` Johannes Berg
2015-08-31 14:26 ` Pierre-Louis Bossart
2015-08-31 14:38 ` Johannes Berg
2012-10-06 15:31 Newbie questions Mark Kampe
2012-10-07 0:08 ` Adam Nielsen
2012-10-07 0:34 ` Mark Kampe
2012-10-01 12:30 Adam Nielsen
2012-10-01 13:20 ` Joao Eduardo Luis
2012-10-01 16:13 ` Sage Weil
2012-10-06 15:05 ` Adam Nielsen
2005-11-01 17:33 Larry Alkoff
2005-11-02 5:41 ` Justin Zygmont
2005-11-03 0:55 ` Ralph Alvy
2005-11-03 4:12 ` Larry Alkoff
2005-11-03 6:17 ` Ralph Alvy
2005-11-03 7:32 ` John R. Sowden
2005-11-03 19:02 ` Larry Alkoff
2005-11-03 21:26 ` John R. Sowden
2005-11-04 3:45 ` Justin Zygmont
2005-11-05 17:06 ` Ralph Alvy
2005-11-05 19:25 ` Larry Alkoff
2005-11-06 0:42 ` Ralph Alvy
[not found] ` <436F5554.2030304@pobox.com>
[not found] ` <200511070723.31259.ralvy@warpmail.net>
2005-11-07 16:36 ` Alain
2005-11-09 7:46 ` Ralph Alvy
2005-10-06 18:12 Gaurav Poothia
2005-01-19 15:07 Scott Miller
2005-01-19 15:10 ` Geert Uytterhoeven
2005-01-19 20:53 ` Scott Miller
2004-12-15 19:49 Newbie Questions Joseph Swaminathan
2004-12-15 20:23 ` Marco Gerards
2004-12-15 20:51 ` Joseph Swaminathan
2004-12-15 20:56 ` Marco Gerards
2004-03-25 21:32 Newbie questions Jan Rychter
2004-03-26 2:26 ` Steven Hand
2004-04-07 21:08 ` Jan Rychter
2004-03-26 2:35 ` Ian Pratt
2002-08-03 4:10 Gustavo Sverzut Barbieri
[not found] ` <20020803041040.10310.qmail-L8+/D2FWflyA/QwVtaZbd3CJp6faPEW9@public.gmane.org>
2002-08-03 12:49 ` Axel Siebenwirth
[not found] <200204070157.g371vDs24544@superglide.netfx-2000.net>
2002-04-25 8:10 ` Newbie Questions Daniel
2002-04-09 21:39 Gyzmobro
2002-04-09 22:14 ` Glynn Clements
2001-12-11 23:44 Slightly confuzed Charles Steinkuehler
2001-12-12 14:59 ` Newbie questions Charles Steinkuehler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4345915C.7050305@cornell.edu \
--to=ivg2@cornell.edu \
--cc=SELinux@tycho.nsa.gov \
--cc=gpoothia@cs.sunysb.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.