trace call path

trace call path

[Shaun Savage]

HI

I have a problem with running iptables (using ipchains.te) from the 
command line, context root:sysadm_r:sysadm_t.  I get no "denied" in the 
log. I am baffled.

I put an "auditallow sysadm_t ipchains_exec_t:file execute; in the 
ipchains.te, I see the execute.

the "auditallow sysadm_t ipchains_t:process transition;"  I don't see that.

on the command line is see "permission denied"

I have also added "role sysadm_t types { ipchains_t}; " 
 ,"domain_auto_trans(sysadm_t,ipchains_exec_t,ipchains_t)"


So I want to learn some debug ideas.  How do you trace the calls through 
selinux?  Or what is the execution flow?

Shaun



--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: trace call path

[Stephen Smalley]

On Wed, 16 Jan 2002, Shaun Savage wrote:

> I have also added "role sysadm_t types { ipchains_t}; "

I assume that you mean 'role sysadm_r types { ipchains_t };'.
If not, then this is the error.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com




--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.