cloud-init blocked from installing rpm with scripts -- f19 issue still with us
Daniel J Walsh
dwalsh at redhat.com
Mon Dec 2 22:09:46 UTC 2013
On 12/02/2013 02:48 PM, Dominick Grift wrote:
> On Mon, 2013-12-02 at 14:41 -0500, Daniel J Walsh wrote:
>
>>> avc: denied { transition } for pid=583 comm="yum"
>>> path="/usr/bin/bash" dev="xvda1" ino=4597
>>> scontext=system_u:system_r:cloud_init_t:s0
>>> tcontext=system_u:system_r:rpm_script_t:s0 tclass=process
>>
>> We already added a rpm_domtrans(cloud_init_t) rule. My understanding was
>> they were still getting the transition rule, which was causing problems.
>> I was thinking that the tool had sucked in rpm/yum rules rather than
>> executing a separate binary.
>
> I see your point but if that is the case then why is "yum" in comm=?
>
> The way I see it, yum command was executed, and so the transition should
> have taken place. That is assuming that the transition rule was in place
> when the test was done.
>
> Maybe the avc denial above wasn't accurate for the latest issue
>
> I am just saying that with the info I have at my disposal, things do not
> add up.
>
I agree, I don't think it was ever tested with the latest policy.
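To check a denial like the one quoted above against the policy actually loaded on the test machine, the following added example (not code from the thread or from the selinux-policy project) parses the AVC record and builds the matching `sesearch` queries. It assumes `sesearch` from setools is installed; the function names `parse_avc` and `policy_queries` are hypothetical.

```python
import re
import shlex

# The denial quoted in the thread, joined onto one line.
AVC = ('avc: denied { transition } for pid=583 comm="yum" '
       'path="/usr/bin/bash" dev="xvda1" ino=4597 '
       'scontext=system_u:system_r:cloud_init_t:s0 '
       'tcontext=system_u:system_r:rpm_script_t:s0 tclass=process')

def parse_avc(line):
    """Return the fields of one AVC record as a dict (hypothetical helper)."""
    m = re.search(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        raise ValueError('not an AVC record')
    rec = {'result': m.group(1), 'perms': m.group(2).split()}
    # key=value pairs; values may be double-quoted (comm, path, dev)
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', m.group(3)):
        rec[key] = quoted or bare
    for side in ('scontext', 'tcontext'):
        # context is user:role:type[:level]; the type is the third field
        rec[side[0] + 'type'] = rec[side].split(':')[2]
    return rec

def policy_queries(rec):
    """Build sesearch commands that show whether the loaded policy
    already carries the rules this denial depends on."""
    src, tgt, cls = rec['stype'], rec['ttype'], rec['tclass']
    queries = [['sesearch', '-A', '-s', src, '-t', tgt, '-c', cls,
                '-p', ','.join(rec['perms'])]]
    if cls == 'process' and 'transition' in rec['perms']:
        # automatic transitions on exec come from type_transition rules;
        # list those for the source domain to see which ones lead to tgt
        queries.append(['sesearch', '-T', '-s', src, '-c', 'process'])
    return [' '.join(shlex.quote(a) for a in q) for q in queries]

if __name__ == '__main__':
    rec = parse_avc(AVC)
    print(rec['comm'], ':', rec['stype'], '->', rec['ttype'])
    for q in policy_queries(rec):
        print(q)
```

If the first query returns no allow rule on the machine that logged the denial, that machine was not running a policy containing the `rpm_domtrans(cloud_init_t)` change.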