I get this error in the audit log:
type=SELINUX_ERR msg=audit(1202327606.098:732): security_compute_sid: invalid context system_u:system_r:monetra_t:s0 for scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:monetra_server_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1202327606.098:732): arch=40000003 syscall=11 success=no exit=-13 a0=9d9f650 a1=9d9f5d8 a2=9d8c728 a3=9d9ff20 items=0 ppid=2575 pid=2593 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="S99monetra" ex
e="/bin/bash" subj=system_u:system_r:initrc_t:s0 key=(null)
I was under the assumption that the following would work:
allow initrc_t monetra_server_exec_t:file { read execute getattr};
allow monetra_t monetra_server_exec_t:file { entrypoint };
type_transition initrc_t monetra_server_exec_t:process monetra_t;
I can't do init_daemon_domain(monetra_t,monetra_server_exec_t) because I
can't let sysadm_t read anything involving monetra_t. And I'd thought
I'd read in "selinux by example" that
domain_auto_trans(initrc_t,monetra_server_exec_t,monetra_t) is generally
a bad idea.
Yes, but every time I try to see things your way, I get a headache.
Attachment:
signature.asc
Description: This is a digitally signed message part
