Domains, interpreted languages, and Cron scripts
Stephen Smalley
sds at epoch.ncsc.mil
Mon Aug 16 13:14:04 UTC 2004
On Sun, 2004-08-15 at 02:03, Colin Walters wrote:
> You can see from the above that when I originally executed the script, I
> remained in the security context root:sysadm_r:sysadm_t. That's because
> the script had the bin_t type, and there is no transition. However,
> when I changed the type of the script to unconfined_exec_t, this caused
> a transition to root:sysadm_r:unconfined_t (note the different type).
>
> So what you would do is create your own domain foo_script_t, and just
> do:
> chcon -t foo_script_t /path/to/script
Just as a reminder, domain transitions on scripts should only be done
when shedding permissions.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
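The reminder above can be checked mechanically. As an added example (not part of the original thread and not SELinux project code), this Python checker reads raw `allow` and `type_transition` rules and reports any permission a script domain holds that the calling domain lacks. The policy text, `bar_script_t`, the `*_exec_t` file types and `secret_t` are constructed for illustration; attributes, `self` and conditional rules are not handled.

```python
import re
from collections import defaultdict

# Constructed sample policy (not from the thread). foo_script_t only sheds
# permissions relative to sysadm_t; bar_script_t gains access to secret_t.
SAMPLE_POLICY = """
allow sysadm_t etc_t:file { read getattr write };
allow sysadm_t var_log_t:file { read getattr append };
allow foo_script_t etc_t:file { read getattr };
allow foo_script_t var_log_t:file append;
allow foo_script_t foo_script_exec_t:file entrypoint;
allow bar_script_t etc_t:file read;
allow bar_script_t secret_t:file read;
type_transition sysadm_t foo_script_exec_t:process foo_script_t;
type_transition sysadm_t bar_script_exec_t:process bar_script_t;
"""

ALLOW = re.compile(r"\ballow\s+(\w+)\s+(\w+):(\w+)\s+(\{[^}]*\}|\w+)\s*;")
TRANS = re.compile(r"\btype_transition\s+(\w+)\s+(\w+):process\s+(\w+)\s*;")

def permissions(policy):
    """Map each source type to its set of (target, class, permission) triples."""
    perms = defaultdict(set)
    for src, tgt, cls, plist in ALLOW.findall(policy):
        for perm in plist.strip("{}").split():
            perms[src].add((tgt, cls, perm))
    return perms

def gained_on_transition(policy):
    """For each process type_transition, list what the new domain may do that the caller may not."""
    perms = permissions(policy)
    report = {}
    for old, exec_type, new in TRANS.findall(policy):
        # entrypoint on the script's own file type is needed just to enter the domain
        extra = {p for p in perms[new] - perms[old]
                 if p != (exec_type, "file", "entrypoint")}
        report[(old, new)] = sorted(extra)
    return report

if __name__ == "__main__":
    for (old, new), extra in gained_on_transition(SAMPLE_POLICY).items():
        verdict = "sheds permissions only" if not extra else f"GAINS {extra}"
        print(f"{old} -> {new}: {verdict}")
```

An empty list for a transition means the script domain is a subset of the caller's permissions, which is the only case the reminder allows for scripts.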
More information about the fedora-selinux-list mailing list