On Thu, 15.07.10 09:32, Daniel J Walsh (dwalsh@xxxxxxxxxx) wrote:

> I thought I had checked it in, but I was leaving on vacation and dropped
> the ball.
>
> Fixed in selinux-policy-3.8.7-1.fc14.noarch
> I'll bump up the dependency.
> chcon -t init_exec_t /bin/systemd
>
> Will also fix it so you can boot in enforcing mode. I am changing my
> laptop to boot full time systemd to see what other gotchas.

Thanks a lot. Much appreciated!

> The best solution to this would be to get systemd process that is
> creating the sock_file and listening to impersonate mysqld_t.
>
> fork()
> setexec("system_u:system_r:mysqld_t:s0")
> create_sock_file()
> listen()
> accept()
> exec mysqld

Hmm, but that's not really how it works. i.e. we first create all
sockets, and then when a connection comes in (or something else
happens) we fork and exec.

I don't know the SELinux APIs that well but something like this would
be more along what I'd want:

create_sock_file("/var/run/foo", "...:foo_t:...");
create_sock_file("/var/run/bar", "...:bar_t:...");
create_sock_file("/var/run/waldo", "...:waldo_t:...");
.....
....
accept() -- if systemd is configured to accept
fork()
exec()
....

Is this doable with SELinux? i.e. label sockets we create one-by-one
without necessarily forking off anything like that?

How has inetd been handled in this respect so far?

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
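The per-socket labelling Lennart asks about, as an added example that is not part of the thread and not systemd's or libselinux's code. It assumes the kernel's per-thread SELinux attribute files, /proc/self/attr/fscreate (label given to the socket inode that bind() creates) and /proc/self/attr/sockcreate (label of the socket object itself), which are what libselinux's setfscreatecon() and setsockcreatecon() write to. The attribute is set just before each socket is created and cleared right after, so every listener can carry its own label without any fork. The foo_t type and the /tmp paths are placeholders taken from the thread's "...:foo_t:..." sketch, not types from a real policy; the "selinuxfs mounted" check is a simplification of libselinux's is_selinux_enabled().

```c
/* Label each listening AF_UNIX socket individually, without forking.
 * Added example for the thread above, not systemd or libselinux code. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

enum label_status { LABEL_APPLIED, LABEL_SKIPPED_NO_SELINUX, LABEL_FAILED };

/* Simplified check: SELinux is active when selinuxfs is mounted (assumption). */
static int selinux_active(void)
{
    return access("/sys/fs/selinux/enforce", F_OK) == 0;
}

/* Write ctx to /proc/self/attr/<attr>. An empty ctx (zero-length write)
 * clears the attribute so later creations get the policy default again. */
static int set_create_attr(const char *attr, const char *ctx)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/self/attr/%s", attr);
    int fd = open(path, O_WRONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, ctx, strlen(ctx));
    int err = errno;
    close(fd);
    errno = err;
    return n == (ssize_t)strlen(ctx) ? 0 : -1;
}

/* Bind and listen on `path`, labelling the inode with file_ctx and the socket
 * object with sock_ctx only while this one socket is being created.
 * Returns the listening fd, or -1 with errno set. */
int create_labelled_unix_listener(const char *path, const char *file_ctx,
                                  const char *sock_ctx, enum label_status *status)
{
    struct sockaddr_un sa;
    int fd, err = 0;

    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    if (strlen(path) >= sizeof sa.sun_path) {
        *status = LABEL_FAILED;
        errno = ENAMETOOLONG;
        return -1;
    }
    strcpy(sa.sun_path, path);

    if (!selinux_active()) {
        *status = LABEL_SKIPPED_NO_SELINUX;
    } else if (set_create_attr("fscreate", file_ctx) < 0 ||
               set_create_attr("sockcreate", sock_ctx) < 0) {
        /* The write only validates the context string against the loaded
         * policy (EINVAL otherwise); whether this domain may create objects
         * with that label is enforced later, at socket()/bind(). */
        *status = LABEL_FAILED;
        err = errno;
        set_create_attr("fscreate", "");
        set_create_attr("sockcreate", "");
        errno = err;
        return -1;
    } else {
        *status = LABEL_APPLIED;
    }

    fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (fd < 0) {
        err = errno;
    } else {
        unlink(path);   /* drop a stale socket file from an earlier run */
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
            err = errno;
            close(fd);
            fd = -1;
        }
    }

    /* Clear immediately: the attributes are per-thread and would otherwise
     * leak onto every file and socket this thread creates afterwards. */
    if (*status == LABEL_APPLIED) {
        set_create_attr("fscreate", "");
        set_create_attr("sockcreate", "");
    }
    errno = err;
    return fd;
}

/* Client side, used to confirm the listener accepts connections. */
int connect_unix(const char *path)
{
    struct sockaddr_un sa;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    if (strlen(path) >= sizeof sa.sun_path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    strcpy(sa.sun_path, path);
    int fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        int err = errno;
        close(fd);
        errno = err;
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Placeholder labels: foo_t/bar_t follow the thread's "...:foo_t:..." sketch. */
    static const struct { const char *path, *file_ctx, *sock_ctx; } socks[] = {
        { "/tmp/foo.sock", "system_u:object_r:foo_t:s0", "system_u:system_r:mysqld_t:s0" },
        { "/tmp/bar.sock", "system_u:object_r:bar_t:s0", "system_u:system_r:bar_t:s0" },
    };
    for (size_t i = 0; i < sizeof socks / sizeof socks[0]; i++) {
        enum label_status st;
        int fd = create_labelled_unix_listener(socks[i].path, socks[i].file_ctx,
                                               socks[i].sock_ctx, &st);
        printf("%s: fd=%d status=%d (%s)\n", socks[i].path, fd, st,
               fd < 0 ? strerror(errno) : "listening");
        if (fd >= 0)
            close(fd);
        unlink(socks[i].path);
    }
    return 0;
}
```

This is the one-by-one shape from the message: no fork, no domain transition of systemd itself, just a different fscreate/sockcreate pair around each create_sock_file() call. The policy still has to allow init_t to create a sock_file and a unix_stream_socket with each of those labels, and a denial shows up as EACCES from bind() or socket() with a matching AVC record. Daniel's fork-then-setexec variant is the neighbouring file, /proc/self/attr/exec, which relabels the process at the next exec rather than the objects it creates.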