SELinux MLS
Daniel J Walsh
dwalsh at redhat.com
Wed Jul 3 11:11:11 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/02/2013 08:24 AM, Robert Gabriel wrote:
> On 2 July 2013 13:49, Bryan Harris <bryanlharris at me.com
> <mailto:bryanlharris at me.com>> wrote:
>
> Hi Robert,
>
> On Jul 02, 2013, at 06:45 AM, Robert Gabriel <ephemeric at gmail.com
> <mailto:ephemeric at gmail.com>> wrote:
>> [root at pluto ~]# service httpd start env: /etc/init.d/httpd: Permission
>> denied
>
> I'm not an MLS expert by any means but I think you want to run a command
> like so,
>
> run_init service httpd start
>
> Bryan
>
>
> Thank you!
>
> I have read the entire RHEL 6 SELinux Guide (and now searched) and they
> don't mention run_init anywhere!
>
> Thank you.
>
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
In targeted policy we allow unconfined_r roles to transition to system_r. But
in MLS policy you are forced to run run_init to do the transition.
Luckily most of this will disappear in RHEL7, since systemd will be starting
system daemons, and we will not need this transition for most system daemons.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHUBs8ACgkQrlYvE4MpobMCEgCeI2HwQdj4+dkybNxXGnYyDYHB
AhUAoLRATmfNOojy0lVhIgeE1Yqq+T2j
=NCO1
-----END PGP SIGNATURE-----
More information about the selinux
mailing list