Hello,
this is a rather basic question concerning run_init. I use the targeted policy. If I start a daemon, for example postgresql, with run_init:
    run_init /etc/init.d/postgresql start
postgresql ends up in the unconfined_t domain. But during a reboot postgresql is transferred to the correct postgresql_t domain. The content of /etc/selinux/targeted/contexts/initrc_context is user_u:system_r:unconfined_t
Best regards, Roland Cruesemann
Roland Cruesemann wrote:
Hello,
this is a rather basic question concerning run_init. I use the targeted policy. If I start a daemon, for example postgresql, with run_init:
    run_init /etc/init.d/postgresql start
postgresql ends up in the unconfined_t domain. But during a reboot postgresql is transferred to the correct postgresql_t domain. The content of /etc/selinux/targeted/contexts/initrc_context is user_u:system_r:unconfined_t
I'd never heard of run_init before; I just use "service postgresql start", which tends to work as expected.
Paul.
Roland Cruesemann wrote:
Hello,
this is a rather basic question concerning run_init. I use the targeted policy. If I start a daemon, for example postgresql, with run_init:
    run_init /etc/init.d/postgresql start
postgresql ends up in the unconfined_t domain. But during a reboot postgresql is transferred to the correct postgresql_t domain. The content of /etc/selinux/targeted/contexts/initrc_context is user_u:system_r:unconfined_t
run_init should only be needed for strict (if sysadm_r is not allowed to transition) and mls policies. Although it should work correctly in targeted policy. Please bugzilla and please use ordinary service scripts. The policy allows unconfined_t to transition to initrc_t when executing initrc_exec_t (labels on /etc/init.d/*). And then initrc_t transitions to postgresql_t when executing postgresql_exec_t files.
Best regards, Roland Cruesemann
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
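The transition chain described in the last reply, as an added example that is not part of the original thread: a small model that parses `type_transition` rules and walks an exec chain, once with default transitions (the `service` case) and once with the first exec forced into the initrc_context value. It assumes that run_init requests that context explicitly for the init script and that the policy has no direct unconfined_t to postgresql_t rule; the rule text, file labels and the postmaster path are constructed.

```python
import re

# Constructed rules in policy-language syntax: the two transitions named in the
# reply above. The absence of an unconfined_t -> postgresql_t rule is assumed.
RULES = """
type_transition unconfined_t initrc_exec_t:process initrc_t;
type_transition initrc_t postgresql_exec_t:process postgresql_t;
"""

# Constructed file labels; the postmaster path is a hypothetical example.
LABELS = {
    "/etc/init.d/postgresql": "initrc_exec_t",
    "/usr/bin/postmaster": "postgresql_exec_t",
}

RULE_RE = re.compile(r"type_transition\s+(\w+)\s+(\w+):process\s+(\w+);")


def parse_rules(text):
    """Map (source domain, executable file type) -> new domain."""
    return {(src, ftype): new for src, ftype, new in RULE_RE.findall(text)}


def exec_chain(start, paths, rules, exec_context=None):
    """Return the domain the process is in after each exec in `paths`.

    exec_context models an explicitly requested context for the first exec;
    it replaces the default transition lookup for that exec only.
    """
    domain, trace = start, []
    for i, path in enumerate(paths):
        if i == 0 and exec_context is not None:
            domain = exec_context.split(":")[2]  # user:role:type -> type
        else:
            # No matching rule means the process stays in its current domain.
            domain = rules.get((domain, LABELS[path]), domain)
        trace.append(domain)
    return trace


def compare():
    """Return (service trace, run_init trace) for the same exec chain."""
    rules = parse_rules(RULES)
    chain = ["/etc/init.d/postgresql", "/usr/bin/postmaster"]
    service = exec_chain("unconfined_t", chain, rules)
    run_init = exec_chain("unconfined_t", chain, rules,
                          exec_context="user_u:system_r:unconfined_t")
    return service, run_init


if __name__ == "__main__":
    for name, trace in zip(("service", "run_init"), compare()):
        print(f"{name:9s} unconfined_t -> {' -> '.join(trace)}")
```

On a real system the same chain can be checked with `ls -Z` on the init script and the daemon binary and `ps -eZ` on the running process.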