LinuxQuestions.org


sluge 02-04-2022 06:47 AM

initrc_t bash: /etc/init.d/network: /bin/bash: bad interpreter: Permission denied
 
Hello, on my CentOS 7.6 with SELinux enforcing I faced the following issue:

Code:

# id
uid=0(root) gid=0(root) groups=0(root) context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023

# ls -lZ /etc/init.d/network
-rwxr-x---. root root system_u:object_r:initrc_exec_t:s0 /etc/init.d/network

# /etc/init.d/network
bash: /etc/init.d/network: /bin/bash: bad interpreter: Permission denied

# sh /etc/init.d/network
Usage: /etc/init.d/network {start|stop|status|restart|force-reload}


# runcon -r sysadm_r /etc/init.d/network
Usage: /etc/init.d/network {start|stop|status|restart|force-reload}

So, it looks like some restriction doesn't allow executing files with the initrc_exec_t type.
Any ideas on how to fix that?

shruggy 02-04-2022 06:57 AM

What is the output of getsebool sysadm_exec_content?

Are there local policy customizations that can be shown with
Code:

semanage user -lC
or with
Code:

semanage login -lC

sluge 02-04-2022 08:49 AM

Quote:

Originally Posted by shruggy (Post 6325485)
What is the output of getsebool sysadm_exec_content?

Are there local policy customizations that can be shown with
Code:

semanage user -lC
or with
Code:

semanage login -lC

Yes, a bit:
Code:

semanage login -lC

Login Name          SELinux User        MLS/MCS Range        Service

__default__          user_u              s0                  *
sluge                sysadm_u            s0-s0:c0.c1023      *



All times are GMT -5.