FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

LinkBack Thread Tools
Old 03-05-2009, 08:57 PM
Jan Kasprzak
Default Environment variables over exec()?

Stephen Smalley wrote:
: > Does SELinux prevent the environment variables to be inherited
: > over exec()? If so, how can I enable it?
: On a domain transition, by default, SELinux will set the AT_SECURE auxv
: flag and glibc will then sanitize the environment in the same manner as
: for setuid/setgid program execution. You can disable that behavior on a
: selective basis by allowing the "noatsecure" permission between the old
: and new domains. You would add the following allow rule to your policy:
: allow mydaemon_t myprogram_trocess noatsecure;

Thanks for the explanation. I have already tested that the above
rule solves the problem for me (found it out using semodule -DB, as
suggested by Dominick Grift).


| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839 Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
>> If you find yourself arguing with Alan Cox, you’re _probably_ wrong. <<
>> --James Morris in "How and Why You Should Become a Kernel Hacker" <<

fedora-selinux-list mailing list

Thread Tools

All times are GMT. The time now is 03:55 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org