I experiemented with this today, and I could see this with selinux and enforcing, but only if I did *not* run the "sudo semanage permissive -a setfiles_mac_t" before it
Can you post the full logs? Did that call return anything?
Yolanda -- my audit2allow gave something slightly different
---
module runcon 1.0;
require {
type bin_t;
type setfiles_mac_t;
class file entrypoint;
}
#============= setfiles_mac_t ==============
#!!!! WARNING: 'bin_t' is a base type.
allow setfiles_mac_t bin_t:file entrypoint;
---
... but; we could also just turn selinux off. I agree we should try to fix it if we can, but I really don't think running with it on is our highest priority
I experiemented with this today, and I could see this with selinux and enforcing, but only if I did *not* run the "sudo semanage permissive -a setfiles_mac_t" before it
Can you post the full logs? Did that call return anything?
Yolanda -- my audit2allow gave something slightly different
---
module runcon 1.0;
require {
type bin_t;
type setfiles_mac_t;
class file entrypoint;
}
#============= setfiles_mac_t ==============
#!!!! WARNING: 'bin_t' is a base type.
allow setfiles_mac_t bin_t:file entrypoint;
---
for my own reference
$ checkmoudule -M -m -o runcon.mod runcon.te
$ semoule_package -o runcon.pp -m runcon.mod
$ semodule -i runcon.pp
... but; we could also just turn selinux off. I agree we should try to fix it if we can, but I really don't think running with it on is our highest priority