Roland Cruesemann wrote:
Hello,
this is a rather basic question concerning run_init.
I use the targeted policy.
If I start a daemon, for example postgresql, with run_init:
run_init /etc/init.d/postgresql start
postgresql ends up in the unconfined_t domain.
But during a reboot postgresql is transferred to the
correct postgresql_t domain.
The content of /etc/selinux/targeted/contexts/initrc_context is
user_u:system_r:unconfined_t
.c_t
run_init should only be needed for strict (If sysadm_r is not allowed to
transition) and mls policies.
Although it should work correctly in targeted policy. Please bugzilla
and please use ordinary service
scripts. The policy allows unconfined_t to transition to initrc_t when
executing initrc_exec_t (labels on /etc/init.d/*)
And then initr_t transitions to postgresql_t when executing
postgresql_exec_t files.
Best regards,
Roland Cruesemann
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
