selinux process transition not taking place
SZIGETVÁRI János
jszigetvari at gmail.com
Fri May 15 09:49:45 UTC 2015
Also, is there anything else I can use to troubleshoot this selinux issue?
I have tried:
- turning on permissive mode (- didn't produce any useful logs about my
script)
- running setroubleshootd and then inspecting /var/log/audit/audit.log and
/var/log/messages (- didn't produce any useful logs about my script)
- turning on system call auditing via the audit=1 kernel command line
parameter (- didn't change anything, because auditing is turned on by
default)
(http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id4621851)
- disabling dontaudit policy items (semodule -DB) (- didn't produce any
useful logs about my script)
(https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html)
[root@centos-test ~]# sestatus -v
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Process contexts:
Current context:                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
/sbin/mingetty                  system_u:system_r:getty_t:s0
/usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling term:               unconfined_u:object_r:user_devpts_t:s0
/etc/passwd                     system_u:object_r:etc_t:s0
/etc/shadow                     system_u:object_r:shadow_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:init_exec_t:s0
/sbin/mingetty                  system_u:object_r:getty_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0
--
János
2015-05-15 10:30 GMT+02:00 SZIGETVÁRI János <jszigetvari at gmail.com>:
> Hello Again,
>
> I have managed to reproduce the problem on CentOS 7 as well, but due to
> the exclusion of the run_init command, the script needed a bit of tailoring
> as well.
> I have attached the modified script. (To make up for the "lost" run_init,
> the script has to have the "system_u:object_r:run_init_exec_t:s0" context.)
> Anyway, the problem's solution is more pressing on CentOS 6, so any help
> or hints would be appreciated.
>
> Regards,
> János
>
>
>