[DSE-User] security_bounded_transition denied for apt-daily.timer
Gerald Turner
gturner at unzane.com
Wed Aug 16 19:12:36 UTC 2017
On Sun, Jun 25 2017, Gerald Turner wrote:
> Now I've noticed several timers (apt-daily.timer,
> apt-daily-upgrade.service, and painintheapt-daily.timer) also cause
> similar audit messages every time their services are executed:
>
> audit: type=1401 audit(1498417202.987:9091):
> op=security_bounded_transition seresult=denied
> oldcontext=system_u:system_r:initrc_t:s0
> newcontext=system_u:system_r:dpkg_t:s0
FWIW I seem to have solved my problem by cluelessly running:
# semanage fcontext -a -t dpkg_exec_t /usr/sbin/painintheapt
# restorecon /usr/sbin/painintheapt
I probably conflated the three aforementioned timers when the problem
was really limited to just painintheapt.
I'd appreciate any feedback as to whether there's any better type to use
than dpkg_exec_t, as I imagine dpkg_exec_t has a great number of
privileges and not suitable for a Python script, running as root,
connecting to XMPP!
--
Gerald Turner <gturner at unzane.com> Encrypted mail preferred!
OpenPGP: 4096R / CA89 B27A 30FA 66C5 1B80 3858 EC94 2276 FDB8 716D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 962 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-user/attachments/20170816/79c7c868/attachment.sig>
More information about the Selinux-user
mailing list