Trying to make a Python script execute in its own SELinux domain

Trying to write a Python script which executes in its own domain and has its own policies for access to specific types (files and network ports).

But the problem is that when the script is executed by Python, Python transitions to unconfined_t and the script is then executed in unconfined_t, which is not what I want. I want the script to execute in its own SELinux domain.

How do I ensure that when the script is running it transitions into a script-specific domain (so I could have different domains for different scripts and therefore could create different policies for each script)?

Tried creating a policy for it (with "sepolicy generate --init") and pointed it at the script, but it still runs in unconfined_t, even though the labelling and context seemed to be OK (and not unconfined_t).

Guessing the problem is the same for other scripting languages. Does anyone have a method or a fix? Or am I missing something?
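The following is an added example, not part of the original question or of any answer to it. It shows the two rules a module needs so that a shell running in unconfined_t actually changes domain when it executes a labelled script: a domain transition keyed on the script file's type (the kernel decides the transition on the file passed to execve, not on the interpreter named in the #! line, so labelling the script is the right approach) and a role statement making the new domain valid for unconfined_r. The `--init` template of `sepolicy generate` sets up the transition for a daemon started by init, which is why the file keeps executing in the caller's domain when run from a shell. The domain name `myscript`, the types `myscript_t`/`myscript_exec_t`, the path `/usr/local/bin/myscript.py` and the set of interfaces granted are assumptions for illustration; interface names are Reference Policy ones and some distributions rename them, so any remaining denials must be resolved from the audit log (audit2allow) rather than by copying this module blindly.

```shell
#!/bin/sh
# Added example: generate, build and install a minimal SELinux policy module
# that confines one interpreted script in its own domain.  All names below
# (myscript, myscript_t, myscript_exec_t, /usr/local/bin/myscript.py) are
# assumed and should be adapted to the real script.

# Print the type-enforcement (.te) source for domain "$1".
gen_te() {
    dom="$1"
    cat <<EOF
policy_module(${dom}, 1.0.0)

require {
    type unconfined_t;
    role unconfined_r;
}

type ${dom}_t;
type ${dom}_exec_t;
# Declares ${dom}_t as a domain and ${dom}_exec_t as its entrypoint type.
application_domain(${dom}_t, ${dom}_exec_t)
# A domain entered from an unconfined shell must be valid for that shell's role,
# otherwise execve fails with an invalid-context error instead of transitioning.
role unconfined_r types ${dom}_t;

# The rule an init-style template does not provide for the interactive case:
# when unconfined_t executes a file labelled ${dom}_exec_t, switch to ${dom}_t.
domtrans_pattern(unconfined_t, ${dom}_exec_t, ${dom}_t)

# The new domain must run the interpreter (bin_t) without a further transition,
# inherit the caller's terminal and read the usual system files.
corecmd_exec_bin(${dom}_t)
domain_use_interactive_fds(${dom}_t)
userdom_use_user_terminals(${dom}_t)
files_read_etc_files(${dom}_t)
miscfiles_read_localization(${dom}_t)
# Everything else (specific file types, port types) is added per script, e.g.
#   corenet_tcp_connect_http_port(${dom}_t)
EOF
}

# Print the file-context (.fc) entry labelling script "$2" as "$1"_exec_t.
# The path is a regular expression in .fc files; "--" restricts it to regular files.
gen_fc() {
    dom="$1"; script="$2"
    printf '%s\t--\tgen_context(system_u:object_r:%s_exec_t,s0)\n' "$script" "$dom"
}

# Build with the selinux-policy-devel Makefile, install and relabel the script.
# Requires root on a system running SELinux; not exercised offline.
install_module() {
    dom="$1"; script="$2"
    workdir=$(mktemp -d)
    gen_te "$dom" > "$workdir/$dom.te"
    gen_fc "$dom" "$script" > "$workdir/$dom.fc"
    (cd "$workdir" && make -f /usr/share/selinux/devel/Makefile "$dom.pp")
    semodule -i "$workdir/$dom.pp"
    restorecon -v "$script"
}

if [ "${1:-}" = "install" ]; then
    install_module "${2:-myscript}" "${3:-/usr/local/bin/myscript.py}"
else
    # Default: just print the generated .te so it can be reviewed first.
    gen_te "${2:-myscript}"
fi
```

To check the result from inside the script rather than trusting `ls -Z` alone, have it print `/proc/self/attr/current` (in Python: `print(open('/proc/self/attr/current').read())`); run from an unconfined login shell after installing the module it should report `unconfined_u:unconfined_r:myscript_t:s0`, while `ls -Z` on the file shows `myscript_exec_t`. If it still reports `unconfined_t`, the usual causes are a missing `restorecon` after installing the module (the file keeps its old label) or the script not being executed directly (`python myscript.py` executes the interpreter, so the script's label never enters into the transition decision; only `./myscript.py` does).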



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
