On Tue, Aug 01, 2006 at 02:24:26PM +0100, Paul Howarth wrote:
> Axel Thimm wrote:
> >On Tue, Aug 01, 2006 at 09:16:04AM -0400, Stephen Smalley wrote:
> >>On Tue, 2006-08-01 at 14:51 +0200, Axel Thimm wrote:
> >>>Does the following output help? Looks like anything called from sshd
> >>>gets into hotplug_t. The main sshd process runs under
> >>>system_u:system_r:kernel_t.
> >>sshd running in kernel_t is the problem; that should never happen (init
> >>transitions to init_t, then everything flows from it; nothing should
> >>ever transition back into kernel_t). Only kernel threads should have
> >>kernel_t (init will start life as kernel_t but then transition; usermode
> >>helpers like modprobe and hotplug should transition upon the exec).
> >
> >Hm. there are tons of processes in kernel_t, in fact almost everything
> >but sshd initiated processes, httpd, rotatelog and spamd.
> >
> >Maybe I need to restart init yet another time (e.g. reboot). Would
> >that make sense?
> >
> >I'll reboot the system in ~9h and check again whether any process but
> >kernel threads got lost in kernel_t.
>
> Is /sbin/init labelled as system_u:object_r:init_exec_t ?

Yes, it is.
--
Axel.Thimm at ATrpms.net
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
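
Added example, not part of the original thread: a shell check for the condition Stephen Smalley describes, that only kernel threads should be in kernel_t. It assumes `ps -eo label,pid,args` output, where kernel threads appear as a bracketed name; the sample lines and the function names `sample_ps` and `find_stray_kernel_t` are constructed for illustration.

```shell
#!/bin/sh
# Added example: list userspace processes still running in kernel_t.
# Assumed input: `ps -eo label,pid,args`. Kernel threads have no command
# line, so ps prints their name in [brackets]; any other kernel_t entry is
# a userspace process that never transitioned out of kernel_t.
# A process can rewrite its own title, so treat this as triage only.

# Constructed sample output (not taken from the thread).
sample_ps() {
    cat <<'EOF'
LABEL                             PID COMMAND
system_u:system_r:kernel_t          1 init [3]
system_u:system_r:kernel_t          2 [ksoftirqd/0]
system_u:system_r:kernel_t          5 [events/0]
system_u:system_r:kernel_t       1712 /usr/sbin/sshd
system_u:system_r:hotplug_t      2290 sshd: axel [priv]
system_u:system_r:hotplug_t      2295 -bash
system_u:system_r:httpd_t        1800 /usr/sbin/httpd
system_u:system_r:kernel_t:s0    1650 syslogd -m 0
EOF
}

find_stray_kernel_t() {
    awk '
        NR == 1 && $1 == "LABEL" { next }    # skip the ps header
        {
            split($1, ctx, ":")              # user:role:type[:level]
            if (ctx[3] != "kernel_t") next
            args = $0                        # strip label and PID columns
            sub(/^[^ ]+ +[0-9]+ +/, "", args)
            if (args ~ /^\[.*\]$/) next      # bracketed name: kernel thread
            print $2, args
        }
    '
}

# Offline demo; on a live system: ps -eo label,pid,args | find_stray_kernel_t
sample_ps | find_stray_kernel_t
```

An empty result is the expected state once init has transitioned to init_t and every service domain is entered from it.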