Re: selinux process transition not taking place

Also, is there anything else I can use to troubleshoot this selinux issue?
I have tried:
- turning on permissive mode (- didn't produce any useful logs about my script)
- running setroubleshootd and then inspecting /var/log/audit/audit.log and /var/log/messages (- didn't produce any useful logs about my script)
- turning on system call auditing via the audit=1 kernel command line parameter (- didn't change anything, because auditing is turned on by default)
( http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id4621851 )
- disabling dontaudit policy items (semodule -DB) (- didn't produce any useful logs about my script)
( https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Fixing_Problems-Possible_Causes_of_Silent_Denials.html )

[root@centos-test ~]# sestatus -v
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

Process contexts:
Current context:                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context:                   system_u:system_r:init_t:s0
/sbin/mingetty                  system_u:system_r:getty_t:s0
/usr/sbin/sshd                  system_u:system_r:sshd_t:s0-s0:c0.c1023

File contexts:
Controlling term:               unconfined_u:object_r:user_devpts_t:s0
/etc/passwd                     system_u:object_r:etc_t:s0
/etc/shadow                     system_u:object_r:shadow_t:s0
/bin/bash                       system_u:object_r:shell_exec_t:s0
/bin/login                      system_u:object_r:login_exec_t:s0
/bin/sh                         system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty                    system_u:object_r:getty_exec_t:s0
/sbin/init                      system_u:object_r:init_exec_t:s0
/sbin/mingetty                  system_u:object_r:getty_exec_t:s0
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t:s0

--
János

2015-05-15 10:30 GMT+02:00 SZIGETVÁRI János <jszigetvari@xxxxxxxxx>:
Hello Again,

I have managed to reproduce the problem on CentOS 7 as well, but due to the exclusion of the run_init command, the script needed a bit of tailoring as well.
I have attached the modified script. (To make up for the "lost" run_init, the script has to have the "system_u:object_r:run_init_exec_t:s0" context.)
Anyway, the problem's solution is more pressing on CentOS 6, so any help or hints would be appreciated.

Regards,
János



--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux