making a file context change work for initrc_t and unconfined_t

Maria Iano maria at iano.org
Wed Feb 1 16:37:41 UTC 2012


On Feb 1, 2012, at 11:30 AM, Daniel J Walsh wrote:

> On 01/31/2012 05:33 PM, Maria Iano wrote:
>> I have a RHEL 6.2 server running LikewiseOpen. It appears to me
>> that I will take care of a large number of denials if I can change
>> the type of /var/lib/likewise/.lsassd to be lsassd_var_socket_t.
>>
>> I added the file context rule with semanage, and used restorecon
>> to change it to lsassd_var_socket_t as desired. But later I found
>> that /var/lib/likewise/.lsassd had type var_lib_t again. I assume
>> that is because the likewise processes run as initrc_t.
>>
>> I'd like to change the policy and tell it that services running in
>> either initrc_t or unconfined_t domains should create the file
>> /var/lib/likewise/.lsassd with type lsassd_var_socket_t. (A command
>> line tool lwsm for managing the processes runs in unconfined_t so
>> I'd like to include that domain to be safe.) How can I go about
>> doing that in RHEL 6 (or can I)?
>>
>> Thanks, Maria
>
> What label do you have on /var/lib/likewise?

system_u:object_r:var_lib_t:s0