On 12/18/2015 01:12 AM, Hannu Savolainen wrote:
Hi, I'm having a problem with a multithreaded application. It does lengthy initialization in advance under relatively privileged context and then switches to a less privileged one after the moment when the actual request arrives. After that it will create a chrooted container and join all threads to a new SELinux context. However the transition fails with audit message "op=security_bounded_transition result=denied oldcontext=old_context newcontext=new_context". Is there any policy rule that could be used to fix this or is this just not supported?
First, it is easier and safer to perform the privileged initialization and switch to the unprivileged context _before_ spawning other threads. Then you won't have this problem at all.
If for some reason you cannot do that, then the requirement for a multi-threaded process is that you can only setcon to a domain bounded by your current domain, where these bounding relationships are defined through the use of the typebounds statement in policy. The child/bounded domain is then restricted to a subset of the permissions of the parent/boundary domain, so you cannot allow the child/bounded domain any permission not allowed to the parent/boundary domain.
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
