-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/02/2013 02:48 PM, Dominick Grift wrote:
On Mon, 2013-12-02 at 14:41 -0500, Daniel J Walsh wrote:
>> avc: denied { transition } for pid=583 comm="yum"
>> path="/usr/bin/bash" dev="xvda1" ino=4597
>> scontext=system_u:system_r:cloud_init_t:s0
>> tcontext=system_u:system_r:rpm_script_t:s0 tclass=process
>>
>>
> We already added a rpm_domtrans(cloud_init_t) rule. My understanding was
> they were still getting the transition rule, which was causing problems.
> I was thinking that the tool had sucked in rpm/yum rules rather then
> executing a separate binary.
I see your point but if that is the case then why is "yum" in comm=?
The way i see it, yum command was executed, and so the transition should
have taken place. That is assuming that the transition rule was in place
when the test was done.
Maybe the avc denial above was't accurate for the latest issue
I am just saying that with the info i have at my disposal, things do not
add up.
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
I agree I don't think it was every tested with the latest policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlKdBSoACgkQrlYvE4MpobPFJwCdGr+tmdylRoYgP/eodUlnqtLZ
3V8AoJ7e0iw40RyJ7Mda6gWZfZgtO/ZN
=Uoen
-----END PGP SIGNATURE-----