On 12/17/2013 11:23 AM, Jay Corrales wrote: > Folks, > > We're running RedHat Enterprise Linux 5 (rhel5) with selinux strict and > enforcing mode, and finding that something in our configuration prevents a > simple shell script from domain transitioning from user_t to awips_t > context. If we run a test virtual machine with a new install of rhel5, it > does run OK, but something in our current configuration prevents this > result. Wondering if it makes sense to run a tool like apol to find any > clues as to why? The audit log (/var/log/audit/audit.log) shows an AVC > requiring execute_no_trans for user_t (no listed here). Here you say you have a execute_no_trans denial. > [root@localhost ~]# sesearch -a -s user_t -t awips_exec_t -c file -p > execute Here you search for execute permission. They are different. Also, what does ls -Z show for the script? _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
