selinux process transition not taking place

SZIGETVÁRI János jszigetvari at gmail.com
Fri May 15 09:49:45 UTC 2015 

Also, is there anything else I can use to troubleshoot this selinux issue?
I have tried:
- turning on permissive mode (- didn't produce any usful logs about my
script)
- running setroubleshootd and then inspecting /var/log/audit/audit.log and
/var/log/messages (- didn't produce any usful logs about my script)
- turning on system call auditing via the audit=1 kernel command line
parameter (- didn't change anything, because auditing is turned on by
default)
(
http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id4621851
)
- disabling dontaudit policy items (semodule -DB) (- didn't produce any
usful logs about my script)
(
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html
)

[root at centos-test ~]# sestatus -v
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Process contexts:
Current context:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
/sbin/mingetty                  system_u:system_r:getty_t:s0
/usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling term:               unconfined_u:object_r:user_devpts_t:s0
/etc/passwd                     system_u:object_r:etc_t:s0
/etc/shadow                     system_u:object_r:shadow_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 ->
system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:init_exec_t:s0
/sbin/mingetty                  system_u:object_r:getty_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0

--
János

2015-05-15 10:30 GMT+02:00 SZIGETVÁRI János <jszigetvari at gmail.com>:

> Hello Again,
>
> I have managed to reproduce the problem on CentOS 7 as well, but due to
> the exlusion of the run_init command, the script needed a bit of tailoring
> as well.
> I have attached the modified script. (To make up for the "lost" run_init,
> the script has to have the "system_u:object_r:run_init_exec_t:s0" context.)
> Anyway, the problem's solution is more pressing on CentOS 6, so any help
> or hints would be appreciated.
>
> Regards,
> János
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20150515/c2367229/attachment.html>

More information about the selinux mailing list