> The problem is that rhnmd can do anything. It can execute all probes we have in stack and even some custom, which we do not know about.
> So it is IMHO impossible to write proper SELinux policy for rhnmd (besides donotaudit/unconfined).

That would make sense to have rhnmd run unconfined then (allowing the rest of the system to remain confined), but the thing is I'm seeing it run in an sshd_t context, which appears to be complicating matters.
