On Mon, 2013-12-02 at 14:41 -0500, Daniel J Walsh wrote:
> > avc: denied { transition } for pid=583 comm="yum" path="/usr/bin/bash"
> > dev="xvda1" ino=4597 scontext=system_u:system_r:cloud_init_t:s0
> > tcontext=system_u:system_r:rpm_script_t:s0 tclass=process
> >
> >
> We already added a rpm_domtrans(cloud_init_t) rule. My understanding was they
> were still getting the transition rule, which was causing problems. I was
> thinking that the tool had sucked in rpm/yum rules rather then executing a
> separate binary.
I see your point but if that is the case then why is "yum" in comm=?
The way i see it, yum command was executed, and so the transition should
have taken place. That is assuming that the transition rule was in place
when the test was done.
Maybe the avc denial above was't accurate for the latest issue
I am just saying that with the info i have at my disposal, things do not
add up.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
