Stephen Smalley wrote:
: > Does SELinux prevent the environment variables from being inherited
: > over exec()? If so, how can I enable it?
:
: On a domain transition, by default, SELinux will set the AT_SECURE auxv
: flag and glibc will then sanitize the environment in the same manner as
: for setuid/setgid program execution. You can disable that behavior on a
: selective basis by allowing the "noatsecure" permission between the old
: and new domains. You would add the following allow rule to your policy:
:
: allow mydaemon_t myprogram_t:process noatsecure;

Thanks for the explanation. I have already tested that the above rule solves the problem for me (found it out using semodule -DB, as suggested by Dominick Grift).
-Yenya
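
A small diagnostic for the behaviour described in the quoted reply, added here as an example and not part of the original messages: run as the target program (myprogram_t in the quoted rule), it reports whether the kernel set AT_SECURE for this exec and which sensitive variables reached the process. The function names and the variable list are assumptions; the list is a representative subset of what glibc removes in secure mode and varies with the glibc version.

```c
#define _GNU_SOURCE      /* harmless with glibc; exposes POSIX env helpers */
#include <stdio.h>
#include <stdlib.h>
#include <sys/auxv.h>    /* getauxval(), AT_SECURE (glibc >= 2.16) */

/* Representative subset of the variables glibc drops in secure mode
 * (assumption: the exact list depends on the glibc version). */
static const char *const unsecure_vars[] = {
    "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT", "GCONV_PATH",
    "LOCPATH", "NLSPATH", "MALLOC_TRACE", "TMPDIR", "TZDIR",
};
#define N_VARS (sizeof unsecure_vars / sizeof unsecure_vars[0])

/* 1 if the kernel flagged this exec as secure (setuid/setgid, or an
 * SELinux domain transition without noatsecure), else 0. */
int at_secure(void) { return getauxval(AT_SECURE) != 0; }

/* Count the listed variables still present in the environment. */
size_t surviving_vars(int verbose)
{
    size_t n = 0;
    for (size_t i = 0; i < N_VARS; i++) {
        const char *v = getenv(unsecure_vars[i]);
        if (v == NULL)
            continue;
        n++;
        if (verbose)
            printf("  %s=%s\n", unsecure_vars[i], v);
    }
    return n;
}

/* Interpret the two observations together. */
const char *verdict(int secure, size_t survivors)
{
    if (secure && survivors == 0) return "sanitized";
    if (secure) return "secure-mode-but-vars-present";
    return "not-sanitized";   /* no transition, or noatsecure allowed */
}

int main(void)
{
    int secure = at_secure();
    printf("AT_SECURE=%d\n", secure);
    size_t n = surviving_vars(1);
    printf("verdict: %s (%zu listed variable(s) present)\n",
           verdict(secure, n), n);
    return 0;
}
```

AT_SECURE=0 after a domain transition means the noatsecure permission is in effect for that pair of domains, so the new domain inherits the caller's environment unfiltered.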