SELinux is preventing pyzor from getattr access on the file /usr/bin/rpm
Tom Rivers
tom at impact-crater.com
Thu Sep 3 16:29:08 UTC 2015

On 9/2/2015 17:25, Jason L Tibbitts III wrote:
> TR> If that is the case, then my question is this: why is SELinux
> TR> blaming pyzor for something abrt is doing?
>
> Because it all happens in the context of the script. abrt basically
> hooks into the backtrace generation logic and runs some extra code.
> This doesn't happen in a separate process.

It's the whole "abrt basically hooks into the backtrace generation
logic" thing that I find particularly interesting. Your explanation
makes it sound as if a separate program is able to gain access to an
existing process and hide its true identity. I must be misunderstanding
the nuts and bolts of this because malware does the exact same thing.

It makes sense to me that if a running process invokes an external
program then that request will be under the context of the running
process because it is what is making the request. However, a program
that has the ability to take on the guise of some other process and make
a request under a context that is not its own means it can hide. I
don't see how that is a good thing, especially with respect to programs
like SELinux that must be able to clearly identify who is doing what in
order to perform their role effectively.

Tom
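
The in-process behaviour described in the quoted reply, as an added example that is not part of the original message and is not abrt's code: it uses Python's standard `sys.excepthook` as a stand-in for the crash hook and records the PID and SELinux context (read from `/proc/self/attr/current`) that the kernel sees when the hook's extra code runs. The names `identity`, `install_hook` and `run_demo` are hypothetical, and the raised exception is constructed.

```python
import os
import subprocess
import sys

def identity():
    """(pid, SELinux context) of the calling process; context is None without SELinux."""
    try:
        with open("/proc/self/attr/current") as f:
            ctx = f.read().strip("\x00\n") or None
    except OSError:
        ctx = None
    return os.getpid(), ctx

def install_hook(log):
    """Install a stand-in crash hook; returns the previous hook so it can be restored."""
    previous = sys.excepthook
    def hook(exc_type, exc, tb):
        # The hook's "extra code" runs here, inside the failing script's process.
        log.append((exc_type.__name__, identity()))
    sys.excepthook = hook
    return previous

def run_demo():
    log = []
    script_identity = identity()
    previous = install_hook(log)
    try:
        try:
            raise RuntimeError("constructed failure")
        except RuntimeError:
            # The interpreter makes this same call for an uncaught exception.
            sys.excepthook(*sys.exc_info())
    finally:
        sys.excepthook = previous
    # Contrast: a helper that really is a separate process gets its own PID.
    child_pid = int(subprocess.check_output(
        [sys.executable, "-c", "import os; print(os.getpid())"]))
    return script_identity, log, child_pid

if __name__ == "__main__":
    script_identity, log, child_pid = run_demo()
    print("script:", script_identity)
    print("hook:  ", log[0])
    print("child pid:", child_pid)
```

The hook reports the same PID and context as the script because it is code loaded into that interpreter, so any file access it makes is checked against the script's domain.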