On Fri, 2004-03-26 at 05:54, Aleksey Nogin wrote:
dmesg shows:
audit(1080298058.273:0): avc: denied { transition } for pid=3821
exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903
scontext=aleksey:sysadm_r:sysadm_t
tcontext=aleksey:sysadm_r:rpm_script_t tclass=process
audit(1080298058.306:0): avc: denied { transition } for pid=3822
exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903
scontext=aleksey:sysadm_r:sysadm_t
tcontext=aleksey:sysadm_r:rpm_script_t tclass=process
audit(1080298058.333:0): avc: denied { transition } for pid=3823
exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903
scontext=aleksey:sysadm_r:sysadm_t
tcontext=aleksey:sysadm_r:rpm_script_t tclass=process
audit(1080298058.431:0): avc: denied { transition } for pid=3824
exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903
scontext=aleksey:sysadm_r:sysadm_t
tcontext=aleksey:sysadm_r:rpm_script_t tclass=process
Should /usr/sbin/up2date be labeled with rpm_exec_t, as is the case for
yum? chcon -t rpm_exec_t /usr/sbin/up2date, and add an entry to rpm.fc
for future relabels. That should enable the transition from sysadm_t to
rpm_t, which is a necessary precursor to transitioning to rpm_script_t.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency