about restarting services and user domains F14
Dominick Grift
domg472 at gmail.com
Wed Apr 6 08:43:45 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/06/2011 07:22 AM, Gabriel Ramirez wrote:
> On 04/05/2011 07:44 AM, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 04/04/2011 09:19 PM, Gabriel Ramirez wrote:
>>> Hi,
>>>
>>> I have a small problem or I didn't find the correct info, in my Fedora
>>> 14 x86_64 and i686 machines when I restart a service by:
>>>
>>> # service postfix restart
>>> or
>>> $ sudo service postfix restart
>>>
>>> always the process runs under unconfined_u
>> First off I would say it does not matter, or should not matter.
>
> ok, I was thinking if a bug existed when starting daemons under
> unconfined_u but I was wrong. thanks for your time.
I do not want to make this over-complicated but i want to mention it for
reference purposes:
Policy can be build with the UBAC option. When UBAC is enabled then the
first field in the security context tuple is used to enforce user based
access control using constraints and so when policy is built with UBAC
then the first field does matter. (Fedora does not build policy with
UBAC enabled)
>
> Gabriel
>
>>
>> You could use run_init command to start it with the system_u user.
>>
>> run_init service postfix restart
>>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2cJ8EACgkQMlxVo39jgT+niQCeL5tqoPy97bZMb+Ss86uru3q2
28sAoMwZacq8pljZfleXMy3RMRPkmoqW
=hDUd
-----END PGP SIGNATURE-----
More information about the selinux
mailing list