Dear people,
I am trying to allow a daemonized Python script to execute
the following commands out of the script.
setfilecon
restorecon
killall
That works fine if I call the commands in a Python
script run from the shell as sysadm_r.
But the daemon runs as a Linux user belonging to the
daemon group, as well as in its own se-context.
ps aux output:
------------------------------------------------------------------------
root [...] \_ supervise pyserv
pyserv [...] | \_ /usr/bin/python2.4 /path/to/pyserv.py
------------------------------------------------------------------------
ps auxZ output:
------------------------------------------------------------------------
system_u:system_r:svc_start_t [...] \_ supervise pyserv
system_u:system_r:pyserv_t [...] | \_ /usr/bin/python2.4 /path/to/pyserv.py
------------------------------------------------------------------------
Commands like cp/rm/rmdir are working fine when called
from the daemon (using Python's os-lib/-functions).
But how to get access to the special commands above?
How would you do it? What would be the most secure
way?
Can I make a domain transition to the restorecon
domain? If so, how (without having a role for the
pyserv)? Which domain is responsible for the killall
command?
What I'm also curious about is that I get no avc log
entries when calling restorecon out of the daemon.
Any help is very much appreciated. I would be happy too for
any explanation.
Thanks a lot!
Best Regards,
Jan