On Fri, Nov 18, 2016 at 04:26:45AM -0000, leroy.tennison(a)verizon.net wrote:
I'm just beginning to learn SELinux and have numerous questions
(I've read roughly half of the "Red Hat Enterprise Linux 7 SELinux User's and
Administrator's Guide"). The first one is how to determine the domain of a
daemon if it isn't running. If there's documentation on this and I've just
missed it just point me to it. Thanks for your help.
Hi,
The context of a process usually depends on the domain which started it.
In Fedora's current policy systemd runs as init_t, so to find out what
the context of a daemon it starts would be we need to look for
type_transition rules with init_t as the source type. You can do this
by using sesearch from setools-console:
$ sesearch -CST -s init_t -c process
Found 721 semantic te rules:
type_transition init_t cgconfig_exec_t : process cgconfig_t;
type_transition init_t deltacloudd_exec_t : process deltacloudd_t;
... snip ...
The target type in these rules is the type of the program's executable
file, so to filter the sesearch results to a single program we can do this:
$ ls -laZ /sbin/dnsmasq
-rwxr-xr-x. 1 root root system_u:object_r:dnsmasq_exec_t:s0 373928 Jul 15 13:57 /sbin/dnsmasq
$ sesearch -CST -s init_t -t dnsmasq_exec_t -c process
Found 1 semantic te rules:
type_transition init_t dnsmasq_exec_t : process dnsmasq_t;
So we know that when init_t execve()'s a program with a type of
dnsmasq_exec_t it will transition to dnsmasq_t [1]. You can also
achieve the same result by using selinuxexeccon from libselinux-utils:
$ selinuxexeccon /usr/sbin/dnsmasq "system_u:system_r:init_t:s0"
system_u:system_r:dnsmasq_t:s0
[1] - A process can also call setexeccon() to set the context for a new
process before it calls execve().
--
Gary Tierney
GPG fingerprint: 412C 0EF9 C305 68E6 B660BDAF 706E D765 85AA 79D8
https://sks-keyservers.net/pks/lookup?op=get&search=0x706ED76585AA79D8
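
The lookup described in the reply above, as an added shell example that is not part of the original message: it extracts the type from a file context and picks the matching type_transition rule out of sesearch output in the format shown in the reply. The function names and the embedded sample rules are constructed for illustration; daemon_domain assumes GNU stat and setools-console are installed and is not called by the demo.

```shell
#!/bin/sh
# Added example: predict the domain of a daemon that is not running.

# Print the SELinux type (third field) of a context such as
# system_u:object_r:dnsmasq_exec_t:s0. An MLS range may add more colons
# after the type, so only the third field is taken.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read sesearch output on stdin and print the domain that source domain $1
# enters when it executes a file of type $2. If no rule matches, print the
# source domain: without a transition rule (or setexeccon) execve() keeps
# the caller's domain.
transition_target() {
    awk -v src="$1" -v exe="$2" '
        $1 == "type_transition" && $2 == src && $3 == exe && $5 == "process" {
            sub(/;$/, "", $6); print $6; found = 1; exit
        }
        END { if (!found) print src }'
}

# Constructed sample input, modelled on the sesearch output quoted above.
sample_rules() {
    cat <<'EOF'
Found 721 semantic te rules:
   type_transition init_t cgconfig_exec_t : process cgconfig_t;
   type_transition init_t deltacloudd_exec_t : process deltacloudd_t;
   type_transition init_t dnsmasq_exec_t : process dnsmasq_t;
EOF
}

# Live lookup for an executable path, using the sesearch options from the
# reply. Needs an SELinux-enabled system.
daemon_domain() {
    exe_type=$(context_type "$(stat -c %C "$1")")
    sesearch -CST -s init_t -t "$exe_type" -c process |
        transition_target init_t "$exe_type"
}

# Offline demo on the sample rules; prints dnsmasq_t.
exe_type=$(context_type 'system_u:object_r:dnsmasq_exec_t:s0')
sample_rules | transition_target init_t "$exe_type"
```

On a live system, daemon_domain /usr/sbin/dnsmasq should agree with the selinuxexeccon result, apart from selinuxexeccon printing the full context rather than only the type.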