On Tue, 2004-04-06 at 12:49, Gene Czarcinski wrote: > The various selinux documentation states that /usr/sbin/run_init should be > used to start the various scripts in /etc/init.d/ to ensure that that have > the correct selinux charactertics. > > I notice that service does not use run_init. Is this a problem? The direct_sysadm_daemon tunable in tunable.te allows direct transitions upon executing /etc/init.d scripts or daemons from an admin shell, so that you don't have to use run_init if that tunable is set. There is a tradeoff in security vs. useability. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
