On 05/18/2015 03:26 PM, SZIGETVÁRI János wrote:
> Yes, both executables in this case are shell scripts, so you're most
> likely right. (*)
>
> The original scenario seems different though, as the following
> conditions are met there:
> -- there is an init script with the context syslogd_initrc_exec_t, which
> calls a
> -- symlink under /opt/<product>/sbin which has the context of bin_t, and
> is a reference for the
> -- binary executable /opt/<product>/libexec/<executable> which has a
> context of syslogd_exec_t.
>
> Normally this setup works just fine, but one of our customers
> encountered a situation where the daemon is stuck as initrc_t.
> We have tried verifying every little detail, but we failed to spot any
> differences between their environment, where the problem persists, and
> ours, where everything works fine.
>
>
> (*) I think I will write a short C program in order to find out whether
> this was indeed the main reason why my demo script failed to transition
> to syslogd_t.

Also, the most likely explanation for the scenario above is that the
customer has the filesystem containing
/opt/<product>/libexec/<executable> mounted with nosuid.
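A quick way to test the nosuid explanation from the reply above, as an added example that is not part of the original thread: the shell functions below find the mount that contains a path in mountinfo and report whether its options include nosuid. The path /opt/product/libexec/daemon and the mountinfo sample are constructed placeholders; on a real host, resolve the symlink first (readlink -f) and omit the second argument to read /proc/self/mountinfo.

```shell
#!/bin/sh
# Added example. Sample data and /opt/product paths are constructed.

# mount_options PATH [MOUNTINFO_FILE|-]
# Prints "<mount point> <options>" for the mount that contains PATH.
# PATH must already be symlink-resolved; mount points containing spaces
# appear escaped (\040) in mountinfo and are not handled here.
mount_options() {
    awk -v target="$1" '
        {
            mp = $5; opts = $6   # field 5: mount point, field 6: mount options
            # A mount contains the target if it is "/", equals the target,
            # or is a directory prefix of it ("/opt" must not match "/optional").
            if (mp == "/" || target == mp || index(target, mp "/") == 1) {
                # Longest mount point wins; on a tie the later entry shadows.
                if (length(mp) >= best_len) {
                    best_len = length(mp); best_mp = mp; best_opts = opts
                }
            }
        }
        END { if (best_len > 0) print best_mp, best_opts }
    ' "${2:-/proc/self/mountinfo}"
}

# is_nosuid PATH [MOUNTINFO_FILE|-]
# Returns 0 if the mount containing PATH carries the nosuid option.
is_nosuid() {
    opts=$(mount_options "$1" "$2" | awk '{print $2}')
    case ",$opts," in
        *,nosuid,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed mountinfo sample: /opt is a separate filesystem with nosuid.
sample_mountinfo() {
    cat <<'EOF'
21 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
22 21 0:5 / /proc rw,nosuid,nodev,noexec,relatime shared:2 - proc proc rw
30 21 8:3 / /opt rw,nosuid,nodev,relatime shared:3 - ext4 /dev/sda3 rw
EOF
}

# Demo on the sample ("-" makes awk read mountinfo from stdin).
if sample_mountinfo | is_nosuid /opt/product/libexec/daemon -; then
    echo "containing mount is nosuid: matches the explanation in the reply"
fi
```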