Re: [HEADS-UP] systemd for F14 - the next steps

On Thu, 15.07.10 09:32, Daniel J Walsh (dwalsh@xxxxxxxxxx) wrote:

> I thought I had checked it in, but I was leaving on vacation and dropped
> the ball.
> 
> Fixed in selinux-policy-3.8.7-1.fc14.noarch
> 

I'll bump up the dependency.

> chcon -t init_exec_t /bin/systemd
> 
> Will also fix it so you can boot in enforcing mode.  I am changing my
> laptop to boot full time systemd to see what other gotchas.

Thanks a lot. Much appreciated!

> The best solution to this would be to get the systemd process that is
> creating the sock_file and listening to impersonate mysqld_t.
> 
> fork()
> setexec("system_u:system_r:mysqld_t:s0")
> create_sock_file()
> listen()
> accept()
> exec mysqld

Hmm, but that's not really how it works. i.e. we first create all
sockets, and then when a connection comes in (or something else happens)
we fork and exec. I don't know the selinux APIs that well but something
like this would be more along what I'd want:

create_sock_file("/var/run/foo", "...:foo_t:...");
create_sock_file("/var/run/bar", "...:bar_t:...");
create_sock_file("/var/run/waldo", "...:waldo_t:...");
.....
....
accept()  -- if systemd is configured to accept
fork() 
exec()
....

Is this doable with selinux? i.e. label sockets we create one-by-one
without necessarily forking off anything like that?

How has inetd been handled in this respect so far?

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
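
The per-socket labelling asked about above, as an added example that is not part of the original message or of systemd's code: it writes the per-thread `fscreate` attribute (the one libselinux's `setfscreatecon(3)` sets) before `bind()`, so each socket file gets its own label without a fork. `create_sock_file`, the paths and the `foo_t`-style contexts are hypothetical, the selinuxfs mount point `/sys/fs/selinux` is assumed, and only the socket file is labelled, not the socket object.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* 1 when an SELinux policy is loaded (selinuxfs mounted here), else 0. */
static int selinux_active(void) {
    return access("/sys/fs/selinux/enforce", F_OK) == 0;
}

/* Set (ctx) or clear (NULL) the label for files this thread creates next.
 * This is the kernel attribute that setfscreatecon(3) writes. */
static int set_fscreate(const char *ctx) {
    int fd = open("/proc/thread-self/attr/fscreate", O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, ctx, ctx ? strlen(ctx) + 1 : 0);
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hypothetical helper named after the pseudocode in the message: bind a
 * listening AF_UNIX socket at path, labelling the socket file with ctx when
 * SELinux is active. Returns the fd, or -1 with errno set. Nothing forks. */
int create_sock_file(const char *path, const char *ctx) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int labeled = ctx && selinux_active();
    int fd, ok, saved;
    if (strlen(path) >= sizeof(sa.sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    strcpy(sa.sun_path, path);
    if (labeled && set_fscreate(ctx) < 0)
        return -1;              /* fail closed: never bind unlabelled */
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    ok = fd >= 0 && bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
         listen(fd, SOMAXCONN) == 0;
    saved = errno;
    if (labeled)
        set_fscreate(NULL);     /* reset, so later files get default labels */
    if (!ok && fd >= 0)
        close(fd);
    errno = saved;
    return ok ? fd : -1;
}
```

Calling it once per socket, e.g. `create_sock_file("/var/run/foo", "system_u:object_r:foo_t:s0")` with a constructed context, matches the one-by-one sequence in the message; the context must exist in the loaded policy or the call fails before binding.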