up2date does not work under sudo.
Stephen Smalley
sds at epoch.ncsc.mil
Fri Mar 26 13:21:23 UTC 2004
On Fri, 2004-03-26 at 05:54, Aleksey Nogin wrote:
> dmesg shows:
>
> audit(1080298058.273:0): avc: denied { transition } for pid=3821
> exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903
> scontext=aleksey:sysadm_r:sysadm_t
> tcontext=aleksey:sysadm_r:rpm_script_t tclass=process
> audit(1080298058.306:0): avc: denied { transition } for pid=3822
> exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903
> scontext=aleksey:sysadm_r:sysadm_t
> tcontext=aleksey:sysadm_r:rpm_script_t tclass=process
> audit(1080298058.333:0): avc: denied { transition } for pid=3823
> exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903
> scontext=aleksey:sysadm_r:sysadm_t
> tcontext=aleksey:sysadm_r:rpm_script_t tclass=process
> audit(1080298058.431:0): avc: denied { transition } for pid=3824
> exe=/usr/bin/python path=/bin/bash dev=hda2 ino=3662903
> scontext=aleksey:sysadm_r:sysadm_t
> tcontext=aleksey:sysadm_r:rpm_script_t tclass=process
Should /usr/sbin/up2date be labeled with rpm_exec_t, as is the case for
yum? chcon -t rpm_exec_t /usr/sbin/up2date, and add an entry to rpm.fc
for future relabels. That should enable the transition from sysadm_t to
rpm_t, which is a necessary precursor to transitioning to rpm_script_t.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list