about restarting services and user domains F14

Tue Apr 5 07:19:57 UTC 2011

Yes but that is the identity field in the security context tuple. It is
not the type field. The identity field is used to map ( amongst
categories/sensitivities ) roles to linux logins. The type field is used
to enforce integrity.

In any case, You can ignore this issue, or you can use the run_init
command when you manually (re) start a service (run_init service httpd)

In fedora no policy is enforced based upon the first field of the
security context tuple. It is only used for mappings.

> as per ps axZ | grep postfix
> 
> unconfined_u:system_r:postfix_master_t:s0 26602 ? Ss   0:00 
> /usr/libexec/postfix/master
> unconfined_u:system_r:postfix_pickup_t:s0 26604 ? S   0:00 pickup -l -t 
> fifo -u
> unconfined_u:system_r:postfix_qmgr_t:s0 26605 ? S     0:00 qmgr -l -t 
> fifo -u
> 
> and not under system_u as after a reboot
> 
> system_u:system_r:postfix_master_t:s0 1706 ?   Ss     0:11 
> /usr/libexec/postfix/master
> system_u:system_r:postfix_qmgr_t:s0 1717 ?     S      0:05 qmgr -l -t 
> fifo -u
> system_u:system_r:postfix_master_t:s0 1822 ?   S      0:01 tlsmgr -l -t 
> unix -u
> system_u:system_r:postfix_pickup_t:s0 26061 ?  S      0:00 pickup -l -t 
> fifo -u
> 
> what can use to restart a service with the correct user context?
> 
> also sometimes I edit a file in /etc and after saving the context change 
> from system_u to unconfined_u how can prevent that??,
> 
> 
> thanks
> 
> Gabrielo
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk2awp0ACgkQMlxVo39jgT9QXQCfe8KoVUzghEz3eY+ElYRMXHzE
K50AoNIzZO1+RIXJxWhwRRCaQiuDRG01
=TURR
-----END PGP SIGNATURE-----