about restarting services and user domains F14
Dominick Grift
domg472 at gmail.com
Tue Apr 5 07:19:57 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/05/2011 03:19 AM, Gabriel Ramirez wrote:
> Hi,
>
> I have a small problem or I didn't find the correct info, in my Fedora
> 14 x86_64 and i686 machines when I restart a service by:
>
> # service postfix restart
> or
> $ sudo service postfix restart
>
> always the process runs under unconfined _u
Yes but that is the identity field in the security context tuple. It is
not the type field. The identity field is used to map ( amongst
categories/sensitivities ) roles to linux logins. The type field is used
to enforce integrity.
In any case, You can ignore this issue, or you can use the run_init
command when you manually (re) start a service (run_init service httpd)
In fedora no policy is enforced based upon the first field of the
security context tuple. It is only used for mappings.
> as per ps axZ | grep postfix
>
> unconfined_u:system_r:postfix_master_t:s0 26602 ? Ss 0:00
> /usr/libexec/postfix/master
> unconfined_u:system_r:postfix_pickup_t:s0 26604 ? S 0:00 pickup -l -t
> fifo -u
> unconfined_u:system_r:postfix_qmgr_t:s0 26605 ? S 0:00 qmgr -l -t
> fifo -u
>
> and not under system_u as after a reboot
>
> system_u:system_r:postfix_master_t:s0 1706 ? Ss 0:11
> /usr/libexec/postfix/master
> system_u:system_r:postfix_qmgr_t:s0 1717 ? S 0:05 qmgr -l -t
> fifo -u
> system_u:system_r:postfix_master_t:s0 1822 ? S 0:01 tlsmgr -l -t
> unix -u
> system_u:system_r:postfix_pickup_t:s0 26061 ? S 0:00 pickup -l -t
> fifo -u
>
> what can use to restart a service with the correct user context?
>
> also sometimes I edit a file in /etc and after saving the context change
> from system_u to unconfined_u how can prevent that??,
>
>
> thanks
>
> Gabrielo
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2awp0ACgkQMlxVo39jgT9QXQCfe8KoVUzghEz3eY+ElYRMXHzE
K50AoNIzZO1+RIXJxWhwRRCaQiuDRG01
=TURR
-----END PGP SIGNATURE-----
More information about the selinux
mailing list