/usr/bin/run-parts->system_u:object_r:bin_t (?!)

Tom London selinux at comcast.net
Wed Jun 16 22:54:42 UTC 2004


/usr/bin/run-parts has context system_u:object_r:bin_t under 
selinux-policy-strict-1.13.4-6 (and earlier).

crond_t.te has entries to search bin_t dirs, but not to 
read/getattr/execute bin_t files.

Here is the AVC for run-parts:
audit(1087423260.368:0): avc:  denied  { getattr } for  pid=4135 
exe=/bin/bash path=/usr/bin/run-parts dev=hdb3 ino=1006312 
scontext=system_u:system_r:crond_t tcontext=system_u:object_r:bin_t 
tclass=file

thanks.
   tom
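
An added example, not part of the original message or of the selinux-policy sources: a small parser that takes the AVC denial quoted above and prints the type-enforcement rule it corresponds to, in the way audit2allow does. The function names are hypothetical, and the rule is only what the denial maps to, not necessarily the change the policy maintainers would choose.

```python
import re

# The denial quoted in the message above, rejoined onto one line.
SAMPLE_AVC = (
    "audit(1087423260.368:0): avc:  denied  { getattr } for  pid=4135 "
    "exe=/bin/bash path=/usr/bin/run-parts dev=hdb3 ino=1006312 "
    "scontext=system_u:system_r:crond_t tcontext=system_u:object_r:bin_t "
    "tclass=file"
)

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)"
)


def parse_avc(line):
    """Return the denial's fields as a dict, or None if this is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # key=value pairs are space separated; values containing spaces are not handled.
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    fields["perms"] = m.group("perms").split()
    return fields


def context_type(context):
    """Extract the type from user:role:type (any trailing MLS part is ignored)."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("not a security context: %r" % context)
    return parts[2]


def te_rule(fields):
    """Build the allow rule (source type, target type, class, perms) for a denial."""
    src = context_type(fields["scontext"])
    tgt = context_type(fields["tcontext"])
    perms = fields["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (src, tgt, fields["tclass"], perm_text)


if __name__ == "__main__":
    print(te_rule(parse_avc(SAMPLE_AVC)))
```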


