Re: Environment variables over exec()?

Stephen Smalley wrote:
: > 	Does SELinux prevent environment variables from being inherited
: > over exec()? If so, how can I enable it?
: 
: On a domain transition, by default, SELinux will set the AT_SECURE auxv
: flag and glibc will then sanitize the environment in the same manner as
: for setuid/setgid program execution.  You can disable that behavior on a
: selective basis by allowing the "noatsecure" permission between the old
: and new domains.  You would add the following allow rule to your policy:
: 
: allow mydaemon_t myprogram_t:process noatsecure;

	Thanks for the explanation. I have already tested that the above
rule solves the problem for me (found it out using semodule -DB, as
suggested by Dominick Grift).

-Yenya

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839      Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
>>  If you find yourself arguing with Alan Cox, you’re _probably_ wrong.  <<
>>     --James Morris in "How and Why You Should Become a Kernel Hacker"  <<

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
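
A small diagnostic for the behaviour discussed in this thread, added here as an example (it is not code from either poster or from the SELinux project): run as the target program, it reports whether the kernel set AT_SECURE for the exec and which of a few variables that glibc strips in secure-execution mode are still in the environment. The variable list is a partial sample chosen for illustration, and the function names are made up for this example.

```c
/* Added example, not from the original thread. Build: cc -o atsecure atsecure.c */
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE (glibc 2.16 or later) */

extern char **environ;

/* Assumption: a partial sample of the variables glibc removes from the
 * environment in secure-execution mode; the full list lives in glibc. */
static const char *const sanitized_sample[] = {
    "LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT",
    "GCONV_PATH", "LOCPATH", "MALLOC_TRACE", NULL
};

/* 1 if the kernel flagged this exec as secure: setuid/setgid, or an SELinux
 * domain transition where the policy does not allow noatsecure. */
int is_secure_exec(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* 1 if entry ("NAME=value") names one of the sampled variables exactly. */
int is_sanitized_name(const char *entry)
{
    for (size_t i = 0; sanitized_sample[i]; i++) {
        size_t n = strlen(sanitized_sample[i]);
        if (strncmp(entry, sanitized_sample[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Number of entries in a NULL-terminated envp array that name a sampled variable. */
int count_sanitized_present(char *const envp[])
{
    int hits = 0;
    for (size_t i = 0; envp && envp[i]; i++)
        hits += is_sanitized_name(envp[i]);
    return hits;
}

int main(void)
{
    printf("AT_SECURE=%d\n", is_secure_exec());
    for (char **e = environ; e && *e; e++)
        if (is_sanitized_name(*e))
            printf("survived exec: %s\n", *e);
    printf("%d sampled variable(s) present\n", count_sanitized_present(environ));
    return 0;
}
```

With one of the sampled variables set in the calling domain, AT_SECURE=1 and no "survived exec" lines means the environment was sanitized on the transition; AT_SECURE=0 with the variable listed means the noatsecure rule is in effect for that domain pair.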
