On 9/2/2015 17:25, Jason L Tibbitts III wrote
TR> If that is the case, then my question is this: why is SELinux TR> blaming pyzor for something abrt is doing? Because it all happens in the context of the script. abrt basically hooks into the backtrace generation logic and runs some extra code. This doesn't happen in a separate process.
It's the whole "abrt basically hooks into the backtrace generation logic" thing that I find particularly interesting. Your explanation makes it sound as if a separate program is able to gain access to an existing process and hide its true identity. I must be misunderstanding the nuts and bolts of this because malware does the exact same thing.
It makes sense to me that if a running process invokes an external program then that request will be under the context of the running process because it is what is making the request. However, a program that has the ability to take on the guise of some other process and make a request under a context that is not its own means it can hide. I don't see how that is a good thing especially with respect to programs like SELinux who must be able to clearly identify who is doing what in order to perform its role effectively.
Tom -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
