On Sun, 2005-01-09 at 01:20 -0500, Valdis.Kletnieks@vt.edu wrote:
> I notice yours is flagged as 'unconfined_t', which smells a lot like running the targeted policy. The design point for that policy is "constrain certain daemons, but assume that users are in general trusted and know what they're doing". As such, it's assuming that if you're loading the policy from a chroot that you know what you're doing and should be allowed to do so. If that doesn't describe how you want things to work, maybe you should be running 'strict' instead of 'targeted'?
I actually like the flexibility of targeted, and I tried strict yesterday and it causes my system to hang. When I do get the chance I will play around with strict, though.
Bob