Hi, I'm having a problem with a multithreaded application. It does lengthy initialization in advance under relatively privileged context and then switches to a less privileged one after the moment when the actual request arrives. After that it will create a chrooted container and join all threads to a new SELinux context.
However the transition fails with audit message "op=security_bounded_transition result=denied oldcontext=old_context newcontext=new_context". Is there any policy rule that could be used to fix this or is this just not supported? Best regards, Hannu -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html