On 03/09/2010 08:53 AM, michel m wrote:
> Hello,
> I need to run an unconfined process in a confined domain, say httpd_t.
> To do so, I changed executable file's context to a confined one, say
> httpd_exec_t, but after running it, its process was in unconfined
> domain again.
> As I searched more, I found that there is not a legal transition for
> an unconfined process to a confined one in normal form. I created a
> script file which contained scripts for running my desired
> application, changed script's context to initrc_exec_t. After running
> this script, I get my process unconfined again.
> May someone guide me how to resolve this issue and run my application
> in unconfined domain?
> Regards.

If you want to transition from unconfined_t to httpd_t you need to
execute a script labeled initrc_exec_t.
unconfined_t -> initrc_exec_t -> initrc_t -> httpd_exec_t -> httpd_t
So you need the init script labeled initrc_exec_t and the program you
want to run as httpd_t to be labeled httpd_exec_t.
I would add an id -Z to your initrc_exec_t script to make sure the
transition happened.
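
The chain described in the reply can be checked one link at a time from the file labels and the resulting process context. This is an added example, not part of the original messages; the function names `selinux_type` and `diagnose`, the return codes, and the sample contexts are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Checks the chain from the reply:
#   unconfined_t -> initrc_exec_t -> initrc_t -> httpd_exec_t -> httpd_t

# Print the type (third field) of a context such as
# system_u:system_r:httpd_t:s0 (the trailing MLS/MCS part may hold colons).
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# diagnose SCRIPT_CTX PROGRAM_CTX PROCESS_CTX
# Names the first broken link. Returns 0 only if the process is in httpd_t,
# 1 for a wrong script label, 2 for a wrong program label, 3 otherwise.
diagnose() {
    script_t=$(selinux_type "$1")
    prog_t=$(selinux_type "$2")
    proc_t=$(selinux_type "$3")
    if [ "$proc_t" = httpd_t ]; then
        echo "ok: process runs in httpd_t"
        return 0
    elif [ "$script_t" != initrc_exec_t ]; then
        echo "script is $script_t, needs initrc_exec_t to enter initrc_t"
        return 1
    elif [ "$prog_t" != httpd_exec_t ]; then
        echo "program is $prog_t, needs httpd_exec_t to enter httpd_t"
        return 2
    fi
    echo "labels are right but process is $proc_t: run the script file itself, not 'sh script'"
    return 3
}

if [ "$#" -eq 3 ]; then
    # Live use on an SELinux host: sh check.sh SCRIPT PROGRAM PID
    diagnose "$(stat -c %C "$1")" "$(stat -c %C "$2")" \
             "$(tr -d '\0' < "/proc/$3/attr/current")"
else
    # Constructed sample: script labeled correctly, program left as bin_t,
    # so the process stops in initrc_t instead of reaching httpd_t.
    diagnose system_u:object_r:initrc_exec_t:s0 \
             system_u:object_r:bin_t:s0 \
             system_u:system_r:initrc_t:s0 || true
fi
```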