<div dir="ltr"><div><div><div><div>Also, is there anything else I can use to troubleshoot this SELinux issue?<br></div>I have tried:<br></div>- turning on permissive mode (- didn't produce any useful logs about my script)<br></div>- running setroubleshootd and then inspecting /var/log/audit/audit.log and /var/log/messages (- didn't produce any useful logs about my script)<br></div>- turning on system call auditing via the audit=1 kernel command line parameter (- didn't change anything, because auditing is turned on by default)<br>( <a href="http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id4621851">http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id4621851</a> )<br><div><div>- disabling dontaudit policy items (semodule -DB) (- didn't produce any useful logs about my script)<br>( <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html</a> )<br></div><div><br>[root@centos-test ~]# sestatus -v<br>SELinux status: enabled<br>SELinuxfs mount: /selinux<br>Current mode: enforcing<br>Mode from config file: enforcing<br>Policy version: 24<br>Policy from config file: targeted<br><br>Process contexts:<br>Current context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023<br>Init context: system_u:system_r:init_t:s0<br>/sbin/mingetty system_u:system_r:getty_t:s0<br>/usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023<br><br>File contexts:<br>Controlling term: unconfined_u:object_r:user_devpts_t:s0<br>/etc/passwd system_u:object_r:etc_t:s0<br>/etc/shadow system_u:object_r:shadow_t:s0<br>/bin/bash system_u:object_r:shell_exec_t:s0<br>/bin/login system_u:object_r:login_exec_t:s0<br>/bin/sh 
system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0<br>/sbin/agetty system_u:object_r:getty_exec_t:s0<br>/sbin/init system_u:object_r:init_exec_t:s0<br>/sbin/mingetty system_u:object_r:getty_exec_t:s0<br>/usr/sbin/sshd system_u:object_r:sshd_exec_t:s0<br><br>--<br></div><div>János<br></div><div><div><div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2015-05-15 10:30 GMT+02:00 SZIGETVÁRI János <span dir="ltr"><<a href="mailto:jszigetvari@gmail.com" target="_blank">jszigetvari@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div>Hello Again,<br><br></div>I have managed to reproduce the problem on CentOS 7 as well, but due to the exclusion of the run_init command, the script needed a bit of tailoring as well.<br></div>I have attached the modified script. (To make up for the "lost" run_init, the script has to have the "system_u:object_r:run_init_exec_t:s0" context.)<br></div><div>Anyway, the problem's solution is more pressing on CentOS 6, so any help or hints would be appreciated.<br><br></div><div>Regards,<br></div><div>János<br></div><div><div><div class="gmail_extra"><br clear="all"><br></div></div></div></div>
</blockquote></div><br></div></div></div></div></div></div></div></div>