making a file context change work for initrc_t and unconfined_t

Daniel J Walsh dwalsh at redhat.com
Wed Feb 1 16:30:21 UTC 2012


On 01/31/2012 05:33 PM, Maria Iano wrote:
> I have a RHEL 6.2 server running LikewiseOpen. It appears to me
> that I will take care of a large number of denials if I can change
> the type of /var/lib/likewise/.lsassd to be lsassd_var_socket_t.
> 
> I added the file context rule with semanage, and used restorecon
> to change it to lsassd_var_socket_t as desired. But later I found
> that /var/lib/likewise/.lsassd had type var_lib_t again. I assume
> that is because the likewise processes run as initrc_t.
> 
> I'd like to change the policy and tell it that services running in 
> either initrc_t or unconfined_t domains should create the file 
> /var/lib/likewise/.lsassd with type lsassd_var_socket_t. (A command
> line tool lwsm for managing the processes runs in unconfined_t so
> I'd like to include that domain to be safe.) How can I go about
> doing that in RHEL 6 (or can I)?
> 
> Thanks, Maria

What label do you have on /var/lib/likewise?



