On 05/18/2015 03:26 PM, SZIGETVÁRI János wrote:
Yes, both executables in this case are shell scripts, so you're
likely right. (*)
The original scenario seems different though, as the following
conditions are met there:
-- there is an init script with the context syslogd_initrc_exec_t, which
-- symlink under /opt/<product>/sbin which has the context of bin_t, and
is a reference for the
-- binary executable /opt/<product>/libexec/<executable> which has a
context of syslogd_exec_t.
Normally this setup works just fine, but one of our customers
encountered a situation where the daemon is stuck as initrc_t.
We have tried verifying every little detail, but we failed to spot any
differences between their environment, where the problem persists, and
ours, where everything works fine.
(*) I think I will write a short C program in order to find out whether
this was indeed the main reason why my demo script failed to transition.
Also, the most likely explanation for the scenario above is that the
customer has the filesystem containing
/opt/<product>/libexec/<executable> mounted with nosuid.
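
One way to test the nosuid explanation from the reply above, as an added example that is not part of the original thread: find the mount that holds the daemon binary and check its options. The function names, the `/opt/product` paths and the sample mount table are constructed for illustration; the input format assumed is that of Linux `/proc/self/mounts`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample in /proc/self/mounts format: device mountpoint fstype options dump pass
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /opt ext4 rw,nosuid,nodev,relatime 0 0
/dev/sda2 /optional ext4 rw,relatime 0 0
EOF
}

# mount_opts_for PATH: read a mount table on stdin and print the options of the
# mount containing PATH. The longest mount point that is a whole-component
# prefix of PATH wins; on a tie the later line wins, since it shadows the earlier.
# Mount points containing spaces appear as \040 in the table and are not decoded here.
mount_opts_for() {
    awk -v p="$1" '
        BEGIN { best = 0 }
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    '
}

# is_nosuid PATH: exit status 0 if the mount containing PATH carries nosuid.
is_nosuid() {
    case ",$(mount_opts_for "$1")," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Live use: pass the binary (or the symlink to it) as the first argument.
if [ "$#" -gt 0 ]; then
    target=$(readlink -f "$1")   # resolve the sbin symlink to the real binary
    if is_nosuid "$target" < /proc/self/mounts; then
        echo "$target: filesystem is mounted nosuid"
    else
        echo "$target: filesystem is not mounted nosuid"
    fi
fi
```

Run it against the resolved binary rather than the init script, since the mount that matters is the one holding the file with the syslogd_exec_t context.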