On 12/18/2015 01:12 AM, Hannu Savolainen wrote:
Hi,
I'm having a problem with a multithreaded application. It does lengthy
initialization in advance under relatively privileged context and then switches
to a less privileged one after the moment when the actual request arrives.
After that it will create a chrooted container and join all threads to a new
SELinux context.
However the transition fails with audit message "op=security_bounded_transition
result=denied oldcontext=old_context newcontext=new_context".
Is there any policy rule that could be used to fix this or is this just not
supported?
First, it is easier and safer to perform the privileged initialization
and switch to the unprivileged context _before_ spawning other threads.
Then you won't have this problem at all.
If for some reason you cannot do that, then the requirement for a
multi-threaded process is that you can only setcon to a domain bounded
by your current domain, where these bounding relationships are defined
through the use of the typebounds statement in policy. The
child/bounded domain is then restricted to a subset of the permissions
of the parent/boundary domain, so you cannot allow the child/bounded
domain any permission not allowed to the parent/boundary domain.
_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
