Yes, both executables in this case are shell scripts, so you're most likely right. (*)
The original scenario seems different though, as the following conditions are met there:2015-05-18 20:34 GMT+02:00 Stephen Smalley <sds@xxxxxxxxxxxxx>:
Sorry, it looks like you are running the equivalent of:On 05/15/2015 04:30 AM, SZIGETVÁRI János wrote:
> Hello Again,
>
> I have managed to reproduce the problem on CentOS 7 as well, but due to
> the exlusion of the run_init command, the script needed a bit of
> tailoring as well.
> I have attached the modified script. (To make up for the "lost"
> run_init, the script has to have the
> "system_u:object_r:run_init_exec_t:s0" context.)
> Anyway, the problem's solution is more pressing on CentOS 6, so any help
> or hints would be appreciated.
bash /path/to/script
in each of your scripts.
Which means exec bash and have it open the script file and read it, then
interpret it. So we never call execve() on the script file and thus we
never perform a domain transition. Is that what you were doing in your
original situation too?
--
Janos SZIGETVARI
E-mail: jszigetvari@xxxxxxxxx
Phone: +36209440412 (Hungary)
__@__˚V˚
Make the switch to open (source) applications, protocols, formats now:
- windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice.org
- msn -> jabber protocol (Pidgin, Google Talk)
- mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp
E-mail: jszigetvari@xxxxxxxxx
Phone: +36209440412 (Hungary)
__@__˚V˚
Make the switch to open (source) applications, protocols, formats now:
- windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice.org
- msn -> jabber protocol (Pidgin, Google Talk)
- mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
