On Tue, Aug 01, 2006 at 09:08:37AM -0400, Stephen Smalley wrote: > On Tue, 2006-08-01 at 07:05 +0200, Axel Thimm wrote: > > Process contexts: > > Current context: root:system_r:hotplug_t:SystemLow-SystemHigh > > Init context: system_u:system_r:init_t > > /sbin/mingetty system_u:system_r:kernel_t > > /usr/sbin/sshd system_u:system_r:kernel_t > > That's puzzling; init is in the correct domain (init_t) but mingetty and > sshd are in kernel_t rather than getty_t init starts life in kernel_t, > then re-execs into init_t after loading policy, then performs normal > startup. But there are no transitions back into kernel_t. And the > files appear to have the right contexts. Restarting sshd from a root:system_r:hotplug_t:SystemLow-SystemHigh root login results in a root:system_r:unconfined_t:SystemLow-SystemHigh master sshd process. Is that correct? > rpm -q selinux-policy-targeted SysVinit > rpm -V selinux-policy-targeted > /usr/sbin/semodule -l > cmp /etc/selinux/targeted/modules/active/policy.kern /etc/selinux/targeted/policy/policy.20 # rpm -q selinux-policy-targeted SysVinit selinux-policy-targeted-2.3.2-1.fc5 SysVinit-2.86-2.2.2 # rpm -V selinux-policy-targeted # /usr/sbin/semodule -l amavis 1.0.5 clamav 1.0.4 dcc 1.0.1 pyzor 1.0.4 razor 1.0.1 # cmp /etc/selinux/targeted/modules/active/policy.kern /etc/selinux/targeted/policy/policy.20 -- Axel.Thimm at ATrpms.net
Attachment:
pgpx1GwBdyLD7.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
