[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Cron mail problem with FC6/strict

From: Ted Rule <ejtr layer3 co uk>
To: Fedora-Selinux-List <fedora-selinux-list redhat com>
Subject: Re: Cron mail problem with FC6/strict
Date: Sun, 18 Feb 2007 17:36:29 +0000

On Sat, 2007-02-17 at 21:42 +0000, Ted Rule wrote:
> If so, the workround is presumably for crond to double fork before
> invoking the Job. i.e inside crond, do_command() would call
> child_process(), which would then setexeccon(), then fork() AGAIN to
> drop into the new security context as set by setexeccon(), and only then
> build all the pipes and the greatgrandchild Job process and sendmail
> processes themselves.

Doh. Of course I now realise that a double fork won't help because the
setexecon only affects exec() behaviour, not fork(). So I'm back to
working round the problem with my wrapper script to indirectly launch
sendmail.

-- 
Ted Rule

Director, Layer3 Systems Ltd

W: http://www.layer3.co.uk/

References:
- Re: Cron mail problem with FC6/strict
  - From: Ted Rule
- Re: Cron mail problem with FC6/strict
  - From: Ted Rule

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]