Hi there,

I’m a beginner with SELinux and I’m trying to implement “type_transition” (process mode). These are my rules:

###### TYPE TRANSITION FOR lvm_t ############################
role diskadm_role_r types lvm_t;
type_transition diskadm_role_t lvm_exec_t : process lvm_t;
allow diskadm_role_t lvm_exec_t : file { getattr read open execute };
allow diskadm_role_t lvm_t : process transition;
#########################################################

But when I launch lvm commands, for example “lvdisplay”, I receive this message:

###############################################################
bash-4.1# lvdisplay
lvdisplay: error while loading shared libraries: /lib64/ld-linux-x86-64.so.2: cannot apply additional memory protection after relocation: Permission denied
###############################################################

I went to look in audit.log, and I have this AVC denial:

###############################################################
type=AVC msg=audit(1361254531.179:7044668): avc: denied { sigchld } for pid=3968 comm="bash" scontext=ssh_role_u:diskadm_role_r:lvm_t:s0 tcontext=ssh_role_u:diskadm_role_r:diskadm_role_t:s0 tclass=process
###############################################################

I should only have to create a new rule for “allow lvm_t diskadm_role_t: process sigchld”, but is there a good reason why I must allow this?

I’m reading/studying a guide for “type_transition” in the "SELinux By Example" book and at this link: http://selinuxproject.org/page/TypeRules but I don’t see anything about “sigchld”, and it’s not highlighted anywhere as a requirement for the "type_transition" rule.

Thanks in advance,
Maurizio Pagani
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
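
Added example (not part of the original post, and not code from the SELinux project): a small Python parser that reads AVC denial records such as the one quoted above and groups them into candidate allow rules for review, taking the source type from scontext and the target type from tcontext. The function names are hypothetical; the first sample record is the one from the post, the other two lines are constructed.

```python
import re
from collections import defaultdict

# Record quoted in the post, a constructed repeat of it (different serial),
# and a constructed non-AVC line that must be ignored.
SAMPLE_LOG = """\
type=AVC msg=audit(1361254531.179:7044668): avc: denied { sigchld } for pid=3968 comm="bash" scontext=ssh_role_u:diskadm_role_r:lvm_t:s0 tcontext=ssh_role_u:diskadm_role_r:diskadm_role_t:s0 tclass=process
type=AVC msg=audit(1361254540.002:7044701): avc: denied { sigchld } for pid=3971 comm="bash" scontext=ssh_role_u:diskadm_role_r:lvm_t:s0 tcontext=ssh_role_u:diskadm_role_r:diskadm_role_t:s0 tclass=process
type=SYSCALL msg=audit(1361254540.002:7044701): arch=c000003e syscall=59 success=no
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError("malformed security context: %r" % context)
    return fields[2]

def parse_denials(log_text):
    """Map (source_type, target_type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if m is None:
            continue  # AVC record that is not a denial in the expected form
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        denials[key].update(m["perms"].split())  # repeats collapse in the set
    return dict(denials)

def candidate_rules(denials):
    """Render each denial group as a candidate allow rule for review."""
    rules = []
    for (src, tgt, tclass), perms in sorted(denials.items()):
        perm_list = " ".join(sorted(perms))
        body = perm_list if len(perms) == 1 else "{ %s }" % perm_list
        rules.append("allow %s %s:%s %s;" % (src, tgt, tclass, body))
    return rules

if __name__ == "__main__":
    for rule in candidate_rules(parse_denials(SAMPLE_LOG)):
        print(rule)
```
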