On Tue, 2009-08-11 at 17:26 +0100, John Smith wrote: > Hello, > I'm doing a testing for SELinux, so far I have create a domain for a > special program. It does work correctly. > I have not given the domain any permissions to access any top leve > directories or their subdirectories since I am running it in chroot. > The thing when it came to testing now, I have created some bash files, > and labelled with with exec as the entry to the domain. > But even after changing the default security context for these bash > files, when executing them, the still be in unconfined domain instead > of entering the new domain for testing. > Anyone can identify where is the problem? Do the bash scripts have the #!/bin/bash header? If not, then the kernel won't execute them and bash will fall back to reading them as input files, in which case they won't transition. If you strace the script with and without the header, you'll see that the actual sequence differs. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
