KaiGai Kohei wrote: > However, SElinux does not allow to revert its privilege (security context) > unconditionally, even if it is dynamically changed. > If we want to revert it, the security policy has to allow B->A in addition > to A->B, but it is generally nonsense. > It is also the reason why we need a one-time thread or process to assign > individual privileges for each requests.
Sounds like it's time for you to hack up an alternate, selinux based mpm.
