Re: making a file context change work for initrc_t and unconfined_t

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/31/2012 05:33 PM, Maria Iano wrote:
> I have a RHEL 6.2 server running LikewiseOpen. It appears to me
> that I will take care of a large number of denials if I can change
> the type of /var/lib/likewise/.lsassd to be lsassd_var_socket_t.
> 
> I added the file context rule with semanage, and used restorecon
> to change it to lsassd_var_socket_t as desired. But later I found
> that /var/lib/likewise/.lsassd had type var_lib_t again. I assume
> that is because the likewise processes run as initrc_t.
> 
> I'd like to change the policy and tell it that services running in 
> either initrc_t or unconfined_t domains should create the file 
> /var/lib/likewise/.lsassd with type lsassd_var_socket_t. (A command
> line tool lwsm for managing the processes runs in unconfined_t so
> I'd like to include that domain to be safe. ) How can I go about
> doing that in RHEL 6 (or can I)?
> 
> Thanks, Maria -- selinux mailing list 
> selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux

What label do you have on /var/lib/likewise?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8paJ0ACgkQrlYvE4MpobOddQCffhDbvifkpq4nQFHUZYa/eUSI
gn8AoNCgCN2tVhy16gLJx3HIOOBs6fa2
=kRm0
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux