On 05/19/2015 11:48 AM, Ted Toth wrote:
> I've got a process that runs at SystemHigh whose type has lots of MAC
> privileges, call it x_t, that execs (calling fork, setexeccon and then
> execv) other processes in a less privileged type, call it y_t, and at
> 'lower' levels. Between the fork and exec I also close all of the file
> descriptors 0 to maxfd. The issue is that there are MLS constraint AVCs
> generated for the y_t 'use' access of the fd for ld.so because it is
> labeled x_t:SystemHigh. Since I did the setexeccon to y_t I'd have
> thought that ld.so would have been opened as y_t. What am I missing
> here?

Kernel opens ld.so before the credential change, e.g. see:
http://marc.info/?l=linux-security-module&m=130339623211102&w=2

There were patches floated to change that behavior but it was controversial and would affect user-visible behavior so it would at least need some kind of compatibility switch.

I think you either have to allow it or have your privileged process first invoke a statically linked "gate" executable that then invokes the real program so that ld.so is re-opened in the right context.

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
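The pattern described in the thread (the kernel opens the ELF interpreter while the process still carries the pre-exec context, so the resulting fd is labeled with the old type and level and the new type is then denied `use` on it) has a recognisable signature in the audit log: a `tclass=fd` denial for `use`, with `path` pointing at the dynamic loader and a `tcontext` type that differs from the `scontext` type. The following Python is an added example, not code from the thread or its authors, that parses AVC records and flags exactly that case so it can be separated from ordinary policy gaps. The AVC lines are constructed samples in the standard kernel audit layout; the types `x_t` and `y_t` come from the thread, while the pids, inodes, paths and MLS levels (SystemHigh written as `s15:c0.c1023`) are assumptions.

```python
"""Triage SELinux AVC records for exec-time dynamic-loader fd denials."""
import re
from dataclasses import dataclass

# Constructed sample records (not taken from the thread). The layout is the
# kernel audit AVC format; pids, inodes, paths and MLS levels are made up.
SAMPLE_AVCS = [
    # fd on ld.so opened as x_t:SystemHigh, now 'used' by the new y_t process
    'type=AVC msg=audit(1432050000.101:501): avc:  denied  { use } for  pid=2211 '
    'comm="worker" path="/lib64/ld-linux-x86-64.so.2" dev="sda1" ino=1311 '
    'scontext=system_u:system_r:y_t:s2 tcontext=system_u:system_r:x_t:s15:c0.c1023 '
    'tclass=fd permissive=0',
    # an unrelated file read denial: a plain policy gap, not the loader pattern
    'type=AVC msg=audit(1432050000.102:502): avc:  denied  { read } for  pid=2211 '
    'comm="worker" name="secret.conf" dev="sda1" ino=2002 '
    'scontext=system_u:system_r:y_t:s2 tcontext=system_u:object_r:etc_t:s15 '
    'tclass=file permissive=0',
    # fd use denial where opener and user share a type: not a transition artifact
    'type=AVC msg=audit(1432050000.103:503): avc:  denied  { use } for  pid=2212 '
    'comm="worker" path="/var/log/app.log" dev="sda1" ino=3003 '
    'scontext=system_u:system_r:y_t:s2 tcontext=system_u:system_r:y_t:s2 '
    'tclass=fd permissive=0',
]

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Context:
    """An SELinux security context user:role:type[:level]."""
    user: str
    role: str
    type_: str
    level: str = ""

    @classmethod
    def parse(cls, text):
        # MLS levels themselves contain ':' (e.g. s15:c0.c1023), so split at most 3 times
        parts = text.split(":", 3)
        if len(parts) < 3:
            raise ValueError(f"not a security context: {text!r}")
        return cls(*parts)


@dataclass
class Avc:
    result: str
    perms: frozenset
    tclass: str
    scontext: Context
    tcontext: Context
    fields: dict


def parse_avc(line):
    """Parse one audit line into an Avc, or return None if it is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    return Avc(result=m.group("result"),
               perms=frozenset(m.group("perms").split()),
               tclass=fields.get("tclass", ""),
               scontext=Context.parse(fields["scontext"]),
               tcontext=Context.parse(fields["tcontext"]),
               fields=fields)


def is_dynamic_loader(path):
    """True for the usual ELF interpreter names (ld.so, ld-linux-*.so.N, ld-2.31.so)."""
    base = path.rsplit("/", 1)[-1]
    return base.startswith(("ld-", "ld.")) and ".so" in base


def is_inherited_loader_fd_denial(avc):
    """A process of one type denied 'use' of an fd that a *different* type opened on
    the dynamic loader: the signature of ld.so having been opened by the kernel
    before the exec-time credential change took effect."""
    return (avc.result == "denied" and avc.tclass == "fd" and "use" in avc.perms
            and avc.scontext.type_ != avc.tcontext.type_
            and is_dynamic_loader(avc.fields.get("path", "")))


def triage(lines):
    """Return a summary dict for every loader-fd denial found in the given audit lines."""
    hits = []
    for line in lines:
        avc = parse_avc(line)
        if avc and is_inherited_loader_fd_denial(avc):
            hits.append({"pid": avc.fields.get("pid"), "comm": avc.fields.get("comm"),
                         "new_type": avc.scontext.type_, "new_level": avc.scontext.level,
                         "opener_type": avc.tcontext.type_, "opener_level": avc.tcontext.level,
                         "path": avc.fields["path"]})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_AVCS):
        print(f"pid {hit['pid']} ({hit['comm']}): {hit['new_type']}:{hit['new_level']} used "
              f"loader fd opened as {hit['opener_type']}:{hit['opener_level']} on {hit['path']}")
```

Records that `triage` flags are the ones the reply's two options apply to: either allow `y_t` to use fds created by `x_t` in policy, or route the exec through a statically linked gate so the loader is opened once the new context is in place; records it does not flag are ordinary denials and should be investigated on their own merits.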