about restarting services and user domains F14
Daniel J Walsh
dwalsh at redhat.com
Tue Apr 5 12:44:44 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/04/2011 09:19 PM, Gabriel Ramirez wrote:
> Hi,
>
> I have a small problem or I didn't find the correct info, in my Fedora
> 14 x86_64 and i686 machines when I restart a service by:
>
> # service postfix restart
> or
> $ sudo service postfix restart
>
> always the process runs under unconfined_u
> as per ps axZ | grep postfix
>
> unconfined_u:system_r:postfix_master_t:s0 26602 ? Ss 0:00
> /usr/libexec/postfix/master
> unconfined_u:system_r:postfix_pickup_t:s0 26604 ? S 0:00 pickup -l -t
> fifo -u
> unconfined_u:system_r:postfix_qmgr_t:s0 26605 ? S 0:00 qmgr -l -t
> fifo -u
>
> and not under system_u as after a reboot
>
> system_u:system_r:postfix_master_t:s0 1706 ? Ss 0:11
> /usr/libexec/postfix/master
> system_u:system_r:postfix_qmgr_t:s0 1717 ? S 0:05 qmgr -l -t
> fifo -u
> system_u:system_r:postfix_master_t:s0 1822 ? S 0:01 tlsmgr -l -t
> unix -u
> system_u:system_r:postfix_pickup_t:s0 26061 ? S 0:00 pickup -l -t
> fifo -u
>
> what can use to restart a service with the correct user context?
>
> also sometimes I edit a file in /etc and after saving the context change
> from system_u to unconfined_u how can prevent that??,
>
>
> thanks
>
> Gabrielo
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
First off I would say it does not matter, or should not matter.
You could use run_init command to start it with the system_u user.
run_init service postfix restart
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2bDrwACgkQrlYvE4MpobN5xQCbBTZKm8K4SRTMHLLLr6TIKV5Y
bpcAoKREiiwQCGXW4KmQa2PSbGakOPRO
=cOym
-----END PGP SIGNATURE-----
More information about the selinux
mailing list