[patch][resend] Domain assignment support for SELinux/AppArmor/LIDS
Denys Vlasenko
vda.linux at googlemail.com
Sat Aug 25 11:13:26 PDT 2007
On Tuesday 21 August 2007 00:38, Yuichi Nakamura wrote:
> Hello.
> Denis said please resend patches,
> So we would like to send this mail again.
Applied, thanks!
> 3. Limitation
> Programs that are used as interpreter can not be installed as script
> wrapper. It is due to limitation of exec(interpreter can not be called
> twice). For example, /bin/sh can not be installed as script wrapper.
> If /bin/sh is installed as script wrapper, shell scripts do not run.
> In interpreting #!/bin/sh
Interpreters are not typically assigned non-default domain, right?
So this is not a big problem.
Otherwise, you may try to "fix" this on kernel level, by allowing
"recursive" #!/path/interpreter (with a limit on depth, of course).
--
vda
More information about the busybox
mailing list