Re: up2date does not work under sudo.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 2004-03-26 at 05:54, Aleksey Nogin wrote:
> dmesg shows:
> 
> audit(1080298058.273:0): avc:  denied  { transition } for  pid=3821 
> exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903 
> scontext=aleksey:sysadm_r:sysadm_t 
> tcontext=aleksey:sysadm_r:rpm_script_t tclass=process
> audit(1080298058.306:0): avc:  denied  { transition } for  pid=3822 
> exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903 
> scontext=aleksey:sysadm_r:sysadm_t 
> tcontext=aleksey:sysadm_r:rpm_script_t tclass=process
> audit(1080298058.333:0): avc:  denied  { transition } for  pid=3823 
> exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903 
> scontext=aleksey:sysadm_r:sysadm_t 
> tcontext=aleksey:sysadm_r:rpm_script_t tclass=process
> audit(1080298058.431:0): avc:  denied  { transition } for  pid=3824 
> exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903 
> scontext=aleksey:sysadm_r:sysadm_t 
> tcontext=aleksey:sysadm_r:rpm_script_t tclass=process

Should /usr/sbin/up2date be labeled with rpm_exec_t, as is the case for
yum?  chcon -t rpm_exec_t /usr/sbin/up2date, and add an entry to rpm.fc
for future relabels.  That should enable the transition from sysadm_t to
rpm_t, which is a necessary precursor to transitioning to rpm_script_t.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux