redirect stdout and stderr to different file under sandboxing in linux

Daniel J Walsh dwalsh at redhat.com
Thu May 28 10:23:38 UTC 2015 

What AVC's are you seeing?

audit2allow -la

On 05/23/2015 07:19 AM, Bhuvan Gupta wrote:
> MORE INFO
>
> content of Test.cpp
> /#include<stdio>/
> / int main(void) {/
> /  fprintf(stderr,"error/n");/
> /  return 0;/
> / }/
>
> compile it and now
> /./a.out /
> print error to console
>
> /./a.out 2> err/
> print to err file
>
> /sandbox ./a.out 2>err/
> nothing gets printed on console or in err file.
> Is sandbox is eating it up ?
>
> Thanks
> Bhuvan
>
>
>
>
> On Sat, May 23, 2015 at 4:02 PM, Bhuvan Gupta <bhuvangu at gmail.com
> <mailto:bhuvangu at gmail.com>> wrote:
>
>     EXTRA INFO:
>
>     even if i run 
>     /sandbox ./a.out/
>     /
>     /
>     Even then it doesnt print floating point error on console
>
>     On Sat, May 23, 2015 at 3:40 PM, Bhuvan Gupta <bhuvangu at gmail.com
>     <mailto:bhuvangu at gmail.com>> wrote:
>
>         Hello All,
>
>         I have an Test.cpp which is run under sandbox(RHEL7):
>
>         Test.cpp content:
>         #include<stdio>
>          int main(void) {
>           int a = 1/0;
>           return 0;
>          }
>
>         compile it using gcc(4.8) Test.cpp which produces the a.out
>         Now running a.out prints floating pointing exception on console
>
>         Now i thought that if i redirect stderr to a file, i expect
>         the error to be printed in file.
>         But that is not the case it still continue to print in console.
>         Googling reveal that under such exception the program is
>         terminated immediately and if you capture the stderr of bash
>         then it should redirect.
>         So i run
>         /su -c ./a.out 2>err /
>         Bingo error get printed in err file.
>
>         Now the MAIN GAME STARTS
>         i want to run it under sandbox 
>         so i run:
>         /su -c 'sandbox ./a.out 1>out 2>err'/
>         But there is nothing printed in err file or in console.
>
>         How to capture stdout and stderr under such situation ?
>
>
>         Thanks
>         Bhuvan
>
>
>
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20150528/754f1d37/attachment.html>

More information about the selinux mailing list