Hi,

I'm having a problem with a multithreaded application. It does lengthy
initialization in advance under a relatively privileged context and then switches
to a less privileged one after the moment when the actual request arrives.
After that it will create a chrooted container and join all threads to a new 
SELinux context.

However, the transition fails with the audit message "op=security_bounded_transition
result=denied oldcontext=old_context newcontext=new_context".

Is there any policy rule that could be used to fix this or is this just not 
supported?

Best regards,

Hannu