I found iiim(htt_server) is running also "user_t". Daemon programs started using su runs as "user_t". Transition like initrc_t(initrc script)->su_exec_t->initrc_su_t(su)->user_t(daemon) is happening. I think su command or initscripts or daemon should be fixed. Tom London <selinux@xxxxxxxxx> wrote: > Running strict/enforcing, off of latest Rawhide. > > 'ps agxZ' yields: > system_u:system_r:rpcd_t 2419 ? Ss 0:00 rpc.statd > system_u:system_r:rpcd_t 2447 ? Ss 0:00 rpc.idmapd > user_u:user_r:user_t 2551 ? Ssl 0:00 mDNSResponder > system_u:system_r:fsdaemon_t 2563 ? S 0:00 /usr/sbin/smartd > > Should mDNSResponder be running as user_u:user_r:user_t? > daemon_base_domain() generates a > domain_auto_trans(initrc_t, howl_exec_t, howl_t) > > So, should it be running in howl_t? > > It gets started from /etc/rc.d/init.d/mDNSResponder: > su -s /bin/bash - nobody -c mDNSResponder $OTHER_MDNSRD_OPTS > > /dev/null > > That right? > tom > -- > Tom London > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-selinux-list --- Yuichi Nakamura Japan SELinux Users Group(JSELUG) http://www.selinux.gr.jp/ Hitachi Software http://www.selinux.hitachi-sk.co.jp/en The George Washington University
