fedora-selinux January 2012 archive
fedora-selinux: Re: Domain transition not working

From: Miroslav Grepl <mgrepl_at_nospam>
Date: Wed Jan 25 2012 - 11:08:35 GMT
To: Nabeel Moidu <nabeelmoidu@gmail.com>

On 01/24/2012 04:29 PM, Nabeel Moidu wrote:
> Hi
> I've got an executable file script.sh labeled xyz_exec_t. I've also
> defined a domain xyz_t and added daemon_domain(xyz_t, xyz_exec_t) in
> the .te file.

Could you paste your definition of types?

> When compiled and inserted, the file context labels seem to be
> enforced correctly. Normally the executable script.sh is invoked by
> the init scripts.

How does your init script look?

> As per the domain transition rule, I expect it to show up xyz_t as its
> domain in ps -efZ. But the transition does not work as expected. The
> process runs as an unconfined domain.
> But when I add runcon in the line where the init script invokes the
> executable with the domain as xyz_t, the process runs in the proper
> context.
> Once I remove the runcon and invoke the init script, the domain
> transition I applied in the custom module does not work out.
> Any suggestions?
> NB: The system is in permissive mode and this particular domain xyz_t
> has also been defined as a permissive domain.
> Nabeel
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
