SELinux MLS
Robert Gabriel
ephemeric at gmail.com
Wed Jul 3 11:29:43 UTC 2013
On 3 July 2013 13:11, Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/02/2013 08:24 AM, Robert Gabriel wrote:
> > On 2 July 2013 13:49, Bryan Harris <bryanlharris at me.com
> > <mailto:bryanlharris at me.com>> wrote:
> >
> > Hi Robert,
> >
> > On Jul 02, 2013, at 06:45 AM, Robert Gabriel <ephemeric at gmail.com
> > <mailto:ephemeric at gmail.com>> wrote:
> >> [root at pluto ~]# service httpd start env: /etc/init.d/httpd: Permission
> >> denied
> >
> > I'm not an MLS expert by any means but I think you want to run a command
> > like so,
> >
> > run_init service httpd start
> >
> > Bryan
> >
> >
> > Thank you!
> >
> > I have read the entire RHEL 6 SELinux Guide (and now searched) and they
> > don't mention run_init anywhere!
> >
> > Thank you.
> >
> >
> > -- selinux mailing list selinux at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/selinux
> >
> In targeted policy we allow unconfined_r roles to transition to system_r.
> But
> in MLS policy you are forced to run run_init to do the transition.
>
> Luckily most of this will disappear in RHEL7, since systemd will be
> starting
> system daemons, and we will not need this transition for most system
> daemons.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlHUBs8ACgkQrlYvE4MpobMCEgCeI2HwQdj4+dkybNxXGnYyDYHB
> AhUAoLRATmfNOojy0lVhIgeE1Yqq+T2j
> =NCO1
> -----END PGP SIGNATURE-----
>
Thank you.
It's happening now, I'm moving on to allowing Splunk to work.
Thank you Daniel, your blog has proved invaluable in terms of
troubleshooting info!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20130703/b028cc50/attachment.html>
More information about the selinux
mailing list