Sorry, just to clarify the main bit I missed out somehow, if I change Permissive to Disabled and don't touch the script, the script would still run fine without the exec format error. On 10/4/06, Ian mu <mu.llamas at gmail.com> wrote: > > Hiya, I tried to replicate as much of it as I could on my home pc and hit > a few problems I hadn't initially thought about with selinux (it's pretty > much my first experience with it, so I may be barking up the wrong tree as > some of the scripts aren't mine). I can't replicate to be 100% sure, but the > problems extremely similar. > > Basically to test, I used sudo (as quite a few of our scripts do) with > permissive on. If a shell isn't specified in a script, test.sh is just > something like echo "hello" with no #!/bin/bash at first (naturally sudoers > file set up). > > sudo -H -u ian ./test.sh this will return with "sesh: Error execing > ./test.sh: Exec format error > > If I add #!/bin/bash to the start it will be fine. > > I'm assuming here, the problem is with sudo using sesh and > interaction with selinux. I had assumed permissive on was purely logging > only and no difference in execution other than that. I'm also assuming this > is by design, and not a bug (as the problem likely wouldn't be there with > better designed scripts). > > Naturally some problems can be got around easily by just adding the shell, > but there's a few where not so simple (original problem was with cron), so > was looking for a quicker fix to temp get them working by turning permissive > off. > > Thanks, Ian > > > > > On 10/3/06, Karanbir Singh <mail-lists at karan.org> wrote: > > > > Ian mu wrote: > > > Hiya all, > > > > > > After some problems the other day, I've tracked down a problem I've > > been > > > having fairly definitely to selinux being on in permissive mode. > > > sestatus shows it enabled and permissive. > > > > how did you track the problem down to being a SELinux in permissive mode > > ? > > > > and no, afaik, you cant move from permissive to disabled, since selinux > > code comes down from kernelspace. > > > > -- > > Karanbir Singh : http://www.karan.org/ : 2522219 at icq > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20061004/f72162ec/attachment-0005.html>