2015-05-21 15:52 GMT+02:00 Stephen Smalley <sds@xxxxxxxxxxxxx>:
Wait, that denial shows that it was already running in syslogd_t and
then tried to execute the script. execute_no_trans is the permission checked when a
domain executes a file without a domain transition, i.e. without changing contexts.
Yes, it surprises me too, and I don't seem to understand it either...
[root@centos-test aaa]# run_init /bin/bash
Authenticating root.
Password:
[root@centos-test /]# id
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:initrc_t:s0
[root@centos-test /]# ps auxfZ | grep $$
system_u:system_r:initrc_t:s0 root 6357 0.0 0.1 108300 1888 pts/0 S 16:04 0:00 | \_ /bin/bash
system_u:system_r:initrc_t:s0 root 6369 0.0 0.0 103240 860 pts/0 S+ 16:04 0:00 | \_ grep 6357
[root@centos-test /]# ls -lZ /root/aaa/syslogd_exec_t_test.sh /bin/bash
-rwxr-xr-x. root root system_u:object_r:shell_exec_t:s0 /bin/bash
-rwxr-xr-x. root root system_u:object_r:syslogd_exec_t:s0 /root/aaa/syslogd_exec_t_test.sh
[root@centos-test /]# cat /root/aaa/syslogd_exec_t_test.sh
#!/bin/sh
# Probe script: print this shell's PID, then its own ps(1) line so the
# security context it is running under (the -Z column) can be read off
# alongside the PID. Kept POSIX sh: no bashisms, since it runs under /bin/sh.
export PATH="/bin:/usr/bin"

self_pid=$$
printf '%s\n' "$self_pid"

# Drop the grep stages themselves (their argv contains "grep"), then keep
# every remaining line that mentions our PID. -F: literal match, not regex.
ps auxfZ | grep -F -v grep | grep -F -- "$self_pid"
[root@centos-test /]# /root/aaa/syslogd_exec_t_test.sh
/bin/sh: /root/aaa/syslogd_exec_t_test.sh: Permission denied
[root@centos-test /]# setenforce 0
[root@centos-test /]# /root/aaa/syslogd_exec_t_test.sh
6374
system_u:system_r:syslogd_t:s0 root 6374 0.0 0.0 106060 1340 pts/0 S+ 16:05 0:00 | \_ /bin/sh /root/aaa/syslogd_exec_t_test.sh
[root@centos-test /]# setenforce 1
[root@centos-test /]# exit