On Mon, 2013-12-02 at 10:11 -0500, Daniel J Walsh wrote:
> On 11/27/2013 05:05 PM, Matthew Miller wrote:
> > Please see https://bugzilla.redhat.com/show_bug.cgi?id=990910
> >
> > This is a pretty serious problem -- people need to be able to install
> > packages via cloud-init.
> >
> >
> I just built selinux-policy-3.12.1-106.fc20 which should fix this issue in
> F20, could you try it out and make sure it works for you?
> --

I do not see how:

+ rpm_transition_script(cloud_init_t)

fixes this issue:

avc: denied { transition } for pid=583 comm="yum" path="/usr/bin/bash" dev="xvda1" ino=4597 scontext=system_u:system_r:cloud_init_t:s0 tcontext=system_u:system_r:rpm_script_t:s0 tclass=process

yum is labeled rpm_exec_t:

-rwxr-xr-x. root root system_u:object_r:rpm_exec_t:s0 /usr/bin/yum

There is a rule that makes processes with the cloud_init_t type transition from cloud_init_t to rpm_t on rpm_exec_t:

rpm_domtrans(cloud_init_t)

so if that rule was applied at the point of the test then this event shouldn't have occurred ... unless I am missing something

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
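
An added example, not part of the original message or of the selinux-policy project: a small Python parser for AVC denial records like the one quoted above. It splits out the source and target types, which shows the domain the process named in comm was running in when the denial was logged, and renders the raw allow rule each denial corresponds to. The names SAMPLE_LOG, parse_avc and allow_rules are made up for this example, and the second sample record is constructed.

```python
import re
from collections import defaultdict

# Constructed sample input: the first record is the denial quoted in the message;
# the second is made up to exercise an MLS range that itself contains colons.
SAMPLE_LOG = """\
avc: denied { transition } for pid=583 comm="yum" path="/usr/bin/bash" dev="xvda1" ino=4597 scontext=system_u:system_r:cloud_init_t:s0 tcontext=system_u:system_r:rpm_script_t:s0 tclass=process
avc: denied { read open } for pid=600 comm="example" path="/tmp/x" scontext=system_u:system_r:example_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(context):
    """Return the type field of user:role:type[:level]; the level may contain ':'."""
    parts = context.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]

def parse_avc(line):
    """Parse one AVC denial into a dict, or return None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group(1).split(),
        "comm": fields.get("comm"), "path": fields.get("path"),
        "source": context_type(fields["scontext"]),
        "target": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
    }

def allow_rules(log_text):
    """Merge denials by (source, target, class) and render raw allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            merged[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        ps = sorted(perms)
        body = ps[0] if len(ps) == 1 else "{ " + " ".join(ps) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules
```

The rendered rules are a triage aid for reading denials, not a policy fix to load as-is.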