Re: run_init change in latest policycoreutils

On Sun, Sep 30, 2012 at 7:48 PM, Sven Vermeulen
<sven.vermeulen@xxxxxxxxx> wrote:
> The "Authenticating root." is normal. The execvp error isn't. I get
> the following denial, but I don't think this is the cause of the error
> (mainly because it worked previously):
>
> Sep 30 19:44:02 testsys kernel: [20516.783063] type=1400
> audit(1349027042.720:264): avc:  denied  { entrypoint } for  pid=20672
> comm="run_init" path="/sbin/rc-service" dev="vda1" ino=2373161
> scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:bin_t
> tclass=file
[...]

OK so allowing the following fixes the behavior, yet I'm still not
aware why and if this additional rule is really a good idea. Of
course, without any transition permission, having an entrypoint has no
real threats with it, does it?

"""
allow initrc_t bin_t:file entrypoint;
"""

Wkr,
  Sven Vermeulen

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

