Re: /usr/bin/run-parts->system_u:object_r:bin_t (?!)

Is it possible that the 'mrtg_exec_t' issue is the same? crond seems to want to execute /usr/bin/mrtg (system_u:object_r:mrtg_exec_t) as crond_t as well.....

tom

Russell Coker wrote:

On Thu, 17 Jun 2004 08:54, Tom London <selinux@xxxxxxxxxxx> wrote:


/usr/bin/run-parts has context system_u:object_r:bin_t under
selinux-policy-strict-1.13.4-6 (and earlier).

crond_t.te has entries to search bin_t dirs, but not to
read/getattr/execute bin_t files.

Here is the AVC for run-parts:
audit(1087423260.368:0): avc: denied { getattr } for pid=4135
exe=/bin/bash path=/usr/bin/run-parts dev=hdb3 ino=1006312
scontext=system_u:system_r:crond_t tcontext=system_u:object_r:bin_t
tclass=file



This appears to be a bug in crond; it should not be executing that program in crond_t.
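
A triage sketch for denials like the one quoted in this thread, added here as an example and not part of the original messages: it parses AVC denial lines and groups them by source domain, target type and class, so that everything denied while running in crond_t is listed together. The second sample record (for /usr/bin/mrtg) is constructed for illustration, and `parse_avc` and `summarize` are names chosen for this example.

```python
import re
from collections import defaultdict

# The first record is the denial quoted in the thread, re-joined onto one line.
# The second record is constructed for illustration; it is not from the thread.
SAMPLE_LOG = """\
audit(1087423260.368:0): avc: denied { getattr } for pid=4135 exe=/bin/bash path=/usr/bin/run-parts dev=hdb3 ino=1006312 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:bin_t tclass=file
audit(1087423560.112:0): avc: denied { execute } for pid=4201 exe=/bin/bash path=/usr/bin/mrtg dev=hdb3 ino=1006400 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:mrtg_exec_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")

def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # A security context is user:role:type, optionally followed by an MLS range.
    src, tgt = fields["scontext"].split(":"), fields["tcontext"].split(":")
    if len(src) < 3 or len(tgt) < 3:
        return None
    return {
        "perms": set(m.group(1).split()),
        "source_type": src[2],
        "target_type": tgt[2],
        "tclass": fields["tclass"],
        "path": fields.get("path"),
    }

def summarize(log_text):
    """Group denials by (source type, target type, class), merging perms and paths."""
    groups = defaultdict(lambda: {"perms": set(), "paths": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue  # skip non-AVC or malformed lines
        group = groups[(rec["source_type"], rec["target_type"], rec["tclass"])]
        group["perms"] |= rec["perms"]
        if rec["path"]:
            group["paths"].add(rec["path"])
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }} {sorted(g['paths'])}")
```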





