From Bugzilla Helper: User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-us) AppleWebKit/523.15.1 (KHTML, like Gecko) Version/3.0.4 Safari/523.15 Description of problem: upstart is launching bash and shell scripts in the wrong type. Patch attached. Version-Release number of selected component (if applicable): selinux-policy-mls-3.3.1-12 How reproducible: Always Steps to Reproduce: Boot in MLS/Enforcing Actual Results: Expected Results: Additional info:
Created attachment 297438 [details] Patch to launch bash with correct type.
Joe, Chris has vetoed this change, I think we should leave the context in init_t and then handle the avc's caused by this.
Do you want me to generate a new patch based on the init_upstart tunable work Chris did?
Chris added corecmd_shell_domtrans(init_t,initrc_t) to the policy but I needed corecmd_shell_entry_type(initrc_t) also to get things to work (see original patch).
Fixed in selinux-policy-3.3.1-14.fc9
Added your patch that is.