Tom London wrote:
Dan Walsh has come up with a new program called "runuser" (in the latest coreutils) that is intended to replace "su" in these situations (e.g. init scripts). Try replacing "su" with "runuser" in the script and see what happens.

Running strict/enforcing, off of latest Rawhide.
'ps agxZ' yields:
system_u:system_r:rpcd_t 2419 ? Ss 0:00 rpc.statd
system_u:system_r:rpcd_t 2447 ? Ss 0:00 rpc.idmapd
user_u:user_r:user_t 2551 ? Ssl 0:00 mDNSResponder
system_u:system_r:fsdaemon_t 2563 ? S 0:00 /usr/sbin/smartd
Should mDNSResponder be running as user_u:user_r:user_t?
daemon_base_domain() generates a domain_auto_trans(initrc_t, howl_exec_t, howl_t)
So, should it be running in howl_t?
It gets started from /etc/rc.d/init.d/mDNSResponder:
su -s /bin/bash - nobody -c mDNSResponder $OTHER_MDNSRD_OPTS
/dev/null
That right?
tom
HTH
Richard Hally
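
An added example, not part of the original messages: a small shell check that reads 'ps agxZ'-style output and reports daemons (no controlling tty) running in a given SELinux type, which is how the mDNSResponder line above stands out. The function names are hypothetical and the column layout (label, pid, tty, stat, time, command) is assumed from the output quoted in the post.

```shell
#!/bin/sh
# Added example: list processes with no controlling tty ("?") whose SELinux
# type matches the one given. Reads `ps agxZ`-style lines on stdin.
# Assumed columns: LABEL PID TTY STAT TIME COMMAND...
find_daemons_in_type() {
    # $1: SELinux type to look for (default user_t, the domain seen in the post)
    awk -v want="${1:-user_t}" '
        $1 == "LABEL" { next }              # skip a header line if present
        NF < 6        { next }              # not a process line
        {
            n = split($1, ctx, ":")         # user:role:type[:level]
            if (n < 3) next                 # not a full security context
            if (ctx[3] == want && $3 == "?") {
                cmd = $6
                for (i = 7; i <= NF; i++) cmd = cmd " " $i
                printf "%s %s %s\n", $2, $1, cmd
            }
        }'
}

# Sample input: the four process lines quoted in the post above.
sample_ps_output() {
    cat <<'EOF'
system_u:system_r:rpcd_t 2419 ? Ss 0:00 rpc.statd
system_u:system_r:rpcd_t 2447 ? Ss 0:00 rpc.idmapd
user_u:user_r:user_t 2551 ? Ssl 0:00 mDNSResponder
system_u:system_r:fsdaemon_t 2563 ? S 0:00 /usr/sbin/smartd
EOF
}

# Run against the sample; on a live SELinux host use:
#   ps agxZ | find_daemons_in_type user_t
sample_ps_output | find_daemons_in_type user_t
```

A daemon started from an init script that shows up here did not transition into its own domain, so its policy rules are not being applied to it.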