user_t daemons (Re: mDNSResponder running in user_t)
Yuichi Nakamura
himainu-ynakam at miomio.jp
Sat Oct 2 21:49:56 UTC 2004
I found that iiim (htt_server) is also running as "user_t".
Daemon programs started using su run as "user_t".
A transition like
initrc_t(initrc script)->su_exec_t->initrc_su_t(su)->user_t(daemon)
is happening.
I think the su command or the initscripts or the daemon should be fixed.
Tom London <selinux at gmail.com> wrote:
> Running strict/enforcing, off of latest Rawhide.
>
> 'ps agxZ' yields:
> system_u:system_r:rpcd_t 2419 ? Ss 0:00 rpc.statd
> system_u:system_r:rpcd_t 2447 ? Ss 0:00 rpc.idmapd
> user_u:user_r:user_t 2551 ? Ssl 0:00 mDNSResponder
> system_u:system_r:fsdaemon_t 2563 ? S 0:00 /usr/sbin/smartd
>
> Should mDNSResponder be running as user_u:user_r:user_t?
> daemon_base_domain() generates a
> domain_auto_trans(initrc_t, howl_exec_t, howl_t)
>
> So, should it be running in howl_t?
>
> It gets started from /etc/rc.d/init.d/mDNSResponder:
> su -s /bin/bash - nobody -c mDNSResponder $OTHER_MDNSRD_OPTS > /dev/null
>
> That right?
> tom
> --
> Tom London
>
---
Yuichi Nakamura
Japan SELinux Users Group(JSELUG)
http://www.selinux.gr.jp/
Hitachi Software
http://www.selinux.hitachi-sk.co.jp/en
The George Washington University
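
Added example, not part of the original messages: a shell check that reads `ps agxZ` output and lists processes labelled user_t that have no controlling terminal, which is how the daemons in this thread show up. The function names, the "TTY is ?" heuristic and the extra interactive-shell sample line are assumptions made for the illustration.

```shell
#!/bin/sh
# Flag daemon-like processes that ended up in user_t.
# Expected input columns (as in the quoted `ps agxZ`): LABEL PID TTY STAT TIME COMMAND

# Sample input: the four lines quoted in the thread, plus one constructed
# line for an interactive login shell, which legitimately runs in user_t.
sample_ps() {
cat <<'EOF'
system_u:system_r:rpcd_t 2419 ? Ss 0:00 rpc.statd
system_u:system_r:rpcd_t 2447 ? Ss 0:00 rpc.idmapd
user_u:user_r:user_t 2551 ? Ssl 0:00 mDNSResponder
system_u:system_r:fsdaemon_t 2563 ? S 0:00 /usr/sbin/smartd
user_u:user_r:user_t 2610 pts/0 Ss 0:00 -bash
EOF
}

# find_user_t_daemons (hypothetical helper): read ps -Z style lines on stdin
# and print "PID COMMAND" for every process whose SELinux type is user_t and
# whose TTY column is "?" (assumed here to mean "started as a daemon").
find_user_t_daemons() {
    awk '
    {
        # Context is user:role:type, optionally followed by an MLS range.
        n = split($1, ctx, ":")
        if (n < 3) next                  # header line or unlabeled entry
        if (ctx[3] == "user_t" && $3 == "?") {
            cmd = $6                     # rebuild the command with its arguments
            for (i = 7; i <= NF; i++) cmd = cmd " " $i
            print $2, cmd
        }
    }'
}

# On a live system: ps agxZ | find_user_t_daemons
sample_ps | find_user_t_daemons
```

Any process this reports was most likely started through a path such as the init script's su call, rather than through a domain transition into its own daemon type.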