runcon cmd preventing default domain transition

Clarkson, Mike R (US SSA) mike.clarkson at baesystems.com
Tue May 15 16:07:52 UTC 2007


I have my policy set up to do a domain transition from the datalabeler_t
domain to the import_t domain when the datalabeler_t domain executes the
SimulatedImport (type import_exec_t) executable. This works fine until I
execute the SimulatedImport executable using a runcon command: "runcon
-l s1 SimulatedImport"

The intent is to start the import_t domain at the s1 level, but the
runcon command prevents the default domain transition from occurring. I
found I had to use the following to force the domain transition while
also setting the level of the process: "runcon -t import_t -l s1
SimulatedImport"

Can anyone tell me why I have to explicitly set the type to get the
domain transition to occur? The policy is set up to do the domain
transition by default when the ImportExecutable is executed in the
datalabeler_t domain, and this works fine when I don't use the runcon
command, but then the import_t domain is not running at the level that I
want.

Thanks,
  Mike




