Curious Behavior doing routine redirection of ping output to (selinux: message 2 of 12) file...
Daniel J Walsh
dwalsh at redhat.com
Sat Dec 24 12:31:57 UTC 2005
Robert Nichols wrote:
> Daniel J Walsh wrote:
>> ping runs under the ping_t domain and it is not allowed to write to
>> the home dir. When you redirect in shell, shell has the application
>> open the file which is not allowed. A hack to get around this
>> problem is
>> ping XYZ | cat > /home/dwalsh/myping
> It's actually the shell that opens the file for input or output
> redirection, so apparently SELinux is denying a write to a file
> that is already open for writing. Curious.
That would seem logical, but from the kernel's perspective it looks like
the ping command is opening the file on redirection. IE
Stdout gets replaced with the write to the file. SELinux blocks on
read/write not open.
More information about the fedora-selinux-list