Classification: UNCLASSIFIED
Hi,
I've got a small application that I'm trying to get running as a service on an FC8 SELinux box. I've got an entry in my inittab file to kick start the app, but all my attempts at writing an appropriate policy leave that app running in the init_t domain.
The inittab file entry is:
cds:2345:respawn:/usr/bin/CDSserver -l -p 2732
ps -efZ (observing this as a 'root' user) gives:
system_u:system_r:init_t:s0 root 2663 1 0 10:01 ? 00:00:00 /usr/bin/CDSserver -l -p 2732
My .te file contains:
policy_module(cdsserver,1.0.3)
########################################
#
# Declarations
#
########################################
# Type declarations
###################
# the target domain:
type cds_t;
# Entrypoint for exec
type cds_exec_t;
# domain type
#domain_type(cds_t)
# Mark cds_t as a domain and cds_exec_t as an entrypoint
init_daemon_domain(cds_t, cds_exec_t)
domain_entry_file(cds_t, cds_exec_t)
allow cds_t self:process execmem;
...
My .fc file contains:
/usr/bin/CDSserver -- gen_context(system_u:object_r:cds_exec_t,s0)
My .if file contains:
interface(`cds_domtrans',`
	gen_require(`
		type cds_t, cds_exec_t;
	')
	domain_auto_trans($1,cds_exec_t,cds_t)
	allow $1 cds_t:fd use;
	allow cds_t $1:fd use;
	allow cds_t $1:fifo_file rw_file_perms;
	allow cds_t $1:process sigchld;
')
I've also tried putting init_t as $1 in the domain_auto_trans().
Why isn't the process transitioning to cds_t? I've looked at a lot of sites and examples and can't seem to figure out my problem. The policy is the targeted FC8 policy. Module compiles and loads (semodule) fine.
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 21
Policy from config file: targeted
Any ideas?
Dario Sciola
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
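Added example, not part of the original message: an automatic domain transition needs the executable to carry the entrypoint type on disk and a type_transition rule whose source is the domain the parent really runs in (init_t in the ps output above). The sketch below checks those two conditions; the function names are hypothetical, the sample inputs are constructed from values quoted in the message, and `live_check` assumes `stat` and the setools `sesearch` command are installed.

```shell
#!/bin/sh
# Added diagnostic sketch; not the poster's code. Function names are hypothetical.

# Constructed sample: the ps -efZ line quoted in the message.
SAMPLE_PS='system_u:system_r:init_t:s0 root 2663 1 0 10:01 ? 00:00:00 /usr/bin/CDSserver -l -p 2732'

# Type is the third field of a context of the form user:role:type:level.
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Domain of a process, taken from one ps -efZ line (context is column 1).
ps_domain() { ctx_type "$(printf '%s\n' "$1" | awk '{print $1}')"; }

# Report which precondition for the transition is missing.
#   $1 parent domain   $2 type currently on the executable
#   $3 entrypoint type $4 type_transition rules as text (sesearch -T style)
diagnose() {
    parent=$1 file_type=$2 entry=$3 rules=$4
    # 1. The .fc entry only takes effect once the file is relabelled,
    #    e.g. with restorecon -v on the path.
    if [ "$file_type" != "$entry" ]; then
        echo "relabel"; return
    fi
    # 2. The rule must name the parent's real domain as its source.
    #    Leading blanks and spaces around ':' are normalised first, since
    #    different setools versions print the rule differently.
    if ! printf '%s\n' "$rules" | sed 's/^ *//; s/ *: */:/' |
         grep -q "^type_transition $parent $entry:process "; then
        echo "no-rule"; return
    fi
    echo "ok"
}

# Same check against the running system (assumes stat and sesearch exist).
#   $1 path to executable  $2 parent domain  $3 entrypoint type
live_check() {
    diagnose "$2" "$(ctx_type "$(stat -c %C "$1")")" "$3" \
        "$(sesearch -T -s "$2" -t "$3" -c process 2>/dev/null)"
}
```

On the box itself this would be called as `live_check /usr/bin/CDSserver init_t cds_exec_t`, using the parent domain reported by `ps_domain`.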