Hello,
We're using virtualenv so we can use weird and wonderful Python
libraries. In the process of writing the SELinux policy module, we have
found that the parent process is in the initrc_t domain rather than the
desired myapp_t domain.
It seems the virtualenv parent process is not transitioning to the
nativeapi_t domain because the shell command "source" is not a
standalone executable, therefore we cannot set this with the
"nativeapi_exec_t" type label. Is there a way around that would be more
elegant than using some kind of wrapper script?
It's a bit odd to me that the parent process can be in one domain and the
children in another.
Thanks,
Andrew
system_u:system_r:initrc_t:s0 4086 /usr/bin/sh -c source /var/lib/myapp/env/bin/activate && gunicorn ...
system_u:system_r:myapp_t:s0 4091 \_ /var/lib/native-api/env/bin/python /var/lib/myapp/env/bin/gunicorn ...
system_u:system_r:myapp_t:s0 4176 \_ /var/lib/native-api/env/bin/python /var/lib/native-api/env/bin/gunicorn ...