Domain transition not working
Miroslav Grepl
mgrepl at redhat.com
Wed Jan 25 11:08:35 UTC 2012
On 01/24/2012 04:29 PM, Nabeel Moidu wrote:
> Hi
> I've got an executable file script.sh labeled xyz_exec_t. I've also
> defined a domain xyz_t and added daemon_domain(xyz_t, xyz_exec_t) in
> the .te file.
Could you paste your definition of types?
> When compiled and inserted, the file context labels seem to be
> enforced correctly. Normally the executable script.sh is invoked by
> the init scripts.
How does your init script look ?
> As per the domain transition rule, I expect it show up xyz_t as its
> domain in ps -efZ . But the transition does not work as expected. The
> process runs as an unconfined domain.
> But when I add runcon in the line where the init script invokes the
> executable with the domain as xyz_t, the process runs in the proper
> context.
> Once I remove the runcon and invoke the init script, the domain
> transition I applied in the custom module does not work out.
> Any suggestions ?
> NB: The system is on permissive mode and this particular domain xyz_t
> has also been defined as a permissive domain.
> Nabeel
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20120125/f7191399/attachment.html>
More information about the selinux
mailing list