mDNSResponder running in user_t
Richard Hally
rhally at mindspring.com
Sat Oct 2 22:19:34 UTC 2004
Tom London wrote:
>Running strict/enforcing, off of latest Rawhide.
>
>'ps agxZ' yields:
>system_u:system_r:rpcd_t 2419 ? Ss 0:00 rpc.statd
>system_u:system_r:rpcd_t 2447 ? Ss 0:00 rpc.idmapd
>user_u:user_r:user_t 2551 ? Ssl 0:00 mDNSResponder
>system_u:system_r:fsdaemon_t 2563 ? S 0:00 /usr/sbin/smartd
>
>Should mDNSResponder be running as user_u:user_r:user_t?
>daemon_base_domain() generates a
>domain_auto_trans(initrc_t, howl_exec_t, howl_t)
>
>So, should it be running in howl_t?
>
>It gets started from /etc/rc.d/init.d/mDNSResponder:
> su -s /bin/bash - nobody -c mDNSResponder $OTHER_MDNSRD_OPTS
>
>
>>/dev/null
>>
>>
>
>That right?
> tom
>
>
Dan Walsh has come up with a new program called "runuser" (in the
latest coreutils) that is intended to replace "su" in these situations
(e.g. init scripts) . Try replacing "su" with "runuser" in the script
and see what happens.
HTH
Richard Hally
More information about the selinux
mailing list