On 3 July 2013 13:11, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/02/2013 08:24 AM, Robert Gabriel wrote:
> On 2 July 2013 13:49, Bryan Harris <bryanlharris@xxxxxx
> <mailto:bryanlharris@xxxxxx>> wrote:
>
> Hi Robert,
>
> On Jul 02, 2013, at 06:45 AM, Robert Gabriel <ephemeric@xxxxxxxxx
> <mailto:ephemeric@xxxxxxxxx>> wrote:> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> [root@pluto ~]# service httpd start env: /etc/init.d/httpd: Permission
>> denied
>
> I'm not an MLS expert by any means but I think you want to run a command
> like so,
>
> run_init service httpd start
>
> Bryan
>
>
> Thank you!
>
> I have read the entire RHEL 6 SELinux Guide (and now searched) and they
> don't mention run_init anywhere!
>
> Thank you.
>
>
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
In targeted policy we allow unconfined_r roles to transition to system_r. But
in MLS policy you are forced to run run_init to do the transition.
Luckily most of this will disappear in RHEL7, since systemd will be starting
system daemons, and we will not need this transition for most system daemons.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHUBs8ACgkQrlYvE4MpobMCEgCeI2HwQdj4+dkybNxXGnYyDYHB
AhUAoLRATmfNOojy0lVhIgeE1Yqq+T2j
=NCO1
-----END PGP SIGNATURE-----
Thank you.
It's happening now, I'm moving on to allowing Splunk to work.
Thank you Daniel, your blog has proved invaluable in terms of troubleshooting info!
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
