pptp_t quota_nld_t sshd_sandbox_t nova_ajax_t nova_api_t nova_compute_t nova_direct_t nova_network_t nova_objectstore_t nova_scheduler_t nova_vncproxy_t nova_volume_t rabbitmq_epmd_t rabbitmq_beam_t deltacloudd_t iwhd_t mongod_t thin_t chrome_sandbox_nacl_t matahari_sysconfigd_t

couchdb_t (/usr/bin/couchdb)

blueman_t (/usr/libexec/blueman-mechanism)

httpd_zoneminder_script_t (/usr/libexec/zoneminder/cgi-bin(/.*)?)

zoneminder_t (/usr/bin/zmpkg.pl)

selinux_munin_plugin_t (/usr/share/munin/plugins/selinux_avcsta t)

sge_shepherd_t (/usr/bin/sge_shepherd)

sge_execd_t (/usr/bin/sge_execd)

sge_job_t

matahari_rpcd_t (/usr/bin/sge_execd)

keystone_t (/usr/bin/keystone-all)

pacemaker_t (/usr/sbin/pacemakerd)

Each Fedora we release a bunch of new domains that will run in permissive mode for the release. When the next release is released, the permissive domains are made enforcing.In my blog, 10 things you probably did not know about SELinux.. #4 , I describe how you can interact with permissive domains.Any ways these are the permissive domains in Fedora 16 that will now be confined.Of course I reserve the right to add to this list. our goal is to make sure all init/dbus services run with a type other then initrc_t.If you see a process on your machine that is shipped from Fedora running as initrc_t, please open a bugzilla on SELinux policy.