Re: making a file context change work for initrc_t and unconfined_t

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Also you should figure out what created this (was it some init script?).
> It might be that some process was running in the init script domain due
> to a mislabeled executable file (ps auxZ | grep initrc_t)

I am actually pretty sure it was created by either lsassd or maybe but
less likely the lsassd init script (or the main likewise init script if
you do not have a separate lsassd init script). May also be a left over
from earlier before you applied the proper file contexts (that is
actually what i suspect)
 
Yes, it is created by lsassd, and I think it was leftover from before.  The number in the filename is my uid - the files are owned by me.  I logged out, I removed both files as root, and then when I next logged in as myself, a new file was created as such:
 
system_u:object_r:user_tmp_t:s0  krb5cc_1040237070_CeTgk16875
 
When I logged back out, it looks like it was renamed by lsassd:
 
system_u:object_r:lsassd_tmp_t:s0 krb5cc_1040237070
 
When I logged in again, a new file with a random string appended was created with user_tmp_t context.  I repeated the whole experiment, and the file without the random string appended never re-appeared.  So, I'm not entirely sure what it's doing (something with Kerberos tickets :) - it did grow in size when I SSHed to another box), but I haven't seen any AVC messages about it since that first time.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux