runcon cmd preventing default domain transition

Daniel J Walsh dwalsh at redhat.com
Tue May 15 18:32:25 UTC 2007


Clarkson, Mike R (US SSA) wrote:
> I have my policy set up to do a domain transition from the datalabeler_t
> domain to the import_t domain when the datalabeler_t domain executes the
> SimulatedImport (type import_exec_t) executable. This works fine until I
> execute the SimulatedImport executable using a runcon command: "runcon
> -l s1 SimulatedImport"
>
> The intent is to start the import_t domain at the s1 level, but the
> runcon command prevents the default domain transition from occurring. I
> found I had to use the following to force the domain transition while
> also setting the level of the process: "runcon -t import_t -l s1
> SimulatedImport"
>
> Can anyone tell me why I have to explicitly set the type to get the
> domain transition to occur? The policy is set up to do the domain
> transition by default when the ImportExecutable is executed in the
> datalabeler_t domain, and this works fine when I don't use the runcon
> command, but then the import_t domain is not running at the level that I
> want.
>
> Thanks,
>   Mike

You might get what you want to happen by executing

runcon -l s1 sh -- -c SimulatedImport




