SELinux MLS

Greetz,

I'm struggling with this.

I have MLS enabled along with a freshly relabelled, rebooted system.

I have mapped my Linux user to SELinux user staff_u and do a domain transition via sudo.

So, here is the dumb question: how do I start httpd?
%wheel ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r NOPASSWD: ALL

[root@pluto ~]# id -Z
staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
[root@pluto ~]# semanage login -l

Login Name                SELinux User              MLS/MCS Range            

__default__               user_u                    SystemLow                
robert                    staff_u                   SystemLow-SystemHigh     
root                      root                      SystemLow-SystemHigh     
system_u                  system_u                  SystemLow-SystemHigh

[root@pluto ~]# semanage user -l

                Labeling   MLS/       MLS/                          
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles

staff_u         user       SystemLow  SystemLow-SystemHigh           auditadm_r staff_r secadm_r sysadm_r system_r

[root@pluto ~]# service httpd start
env: /etc/init.d/httpd: Permission denied

[root@pluto ~]# secon -f /usr/sbin/httpd
user: system_u
role: object_r
type: httpd_exec_t
sensitivity: SystemLow
clearance: SystemLow
mls-range: SystemLow
Do I have to transition to some domain (newrole?) or can I be in a domain (allowed, of course) that will execute the process and then do the transition?

Thank you.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
