On 4/29/20 6:29 PM, Ian Pilcher wrote:
On 4/29/20 3:04 PM, Stephen Smalley wrote:
On Wed, Apr 29, 2020 at 3:25 PM Ian Pilcher <arequipeno@xxxxxxxxx> wrote:
Slight update for posterity. It looks like it's possible to use a
symbolic link, so ...
I don't see how that could work. Symbolic link should be resolved and
its
context only ever used to determine whether you could follow/read it.
Not
for the execute check.
I can't speak to how it works, but it does work on CentOS 7.8. I
suppose it's entirely possible that it would fail on a more up-to-date
distribution.
I was incorrect. It doesn't work.
The service does start, but it's running as unconfined_service_t (which
makes even less sense to me). So back to making an actual copy of the
interpreter.
--
========================================================================
Ian Pilcher arequipeno@xxxxxxxxx
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
