Re: Determine SELinux domain of daemon which isn't running

On Fri, Nov 18, 2016 at 04:26:45AM -0000, leroy.tennison@xxxxxxxxxxx wrote:
I'm just beginning to learn SELinux and have numerous questions (I've read roughly half of the "Red Hat Enterprise Linux 7 SELinux User's and Administrator's Guide"). The first one is how to determine the domain of a daemon if it isn't running. If there's documentation on this and I've just missed it, just point me to it. Thanks for your help.
__

Hi,

The context of a process usually depends on the domain which started it. In Fedora's current policy systemd runs as init_t, so to find out what the context of a daemon it starts would be, we need to look for type_transition rules with init_t as the source type. You can do this by using sesearch from setools-console:

$ sesearch -CST -s init_t -c process
Found 721 semantic te rules:
  type_transition init_t cgconfig_exec_t : process cgconfig_t;
  type_transition init_t deltacloudd_exec_t : process deltacloudd_t;
  ... snip ...

The target type in these rules is the type of the program's executable file, so to filter the sesearch results to a single program we can do this:

$ ls -laZ /sbin/dnsmasq
-rwxr-xr-x. 1 root root system_u:object_r:dnsmasq_exec_t:s0 373928 Jul 15 13:57 /sbin/dnsmasq

$ sesearch -CST -s init_t -t dnsmasq_exec_t -c process
Found 1 semantic te rules:
  type_transition init_t dnsmasq_exec_t : process dnsmasq_t;

So we know that when init_t execve()'s a program with a type of dnsmasq_exec_t it will transition to dnsmasq_t [1]. You can also achieve the same result by using selinuxexeccon from libselinux-utils:

$ selinuxexeccon /usr/sbin/dnsmasq "system_u:system_r:init_t:s0"
system_u:system_r:dnsmasq_t:s0

[1] - A process can also call setexeccon() to set the context for a new process before it calls execve().
_____________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx

--
Gary Tierney

GPG fingerprint: 412C 0EF9 C305 68E6 B660BDAF 706E D765 85AA 79D8
https://sks-keyservers.net/pks/lookup?op=get&search=0x706ED76585AA79D8
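
A worked example, added here and not part of Gary's reply or of the setools project: a small Python script that parses sesearch type_transition output and resolves the domain a given source domain enters on execve() of a file with a given type, then rewrites a full context the way selinuxexeccon does. It accepts both the setools 3 spacing shown in the reply ("dnsmasq_exec_t : process") and the setools 4 style without spaces around the colon ("dnsmasq_exec_t:process"), and it skips file-name transitions (the quoted "name" form) and rules on classes other than process, since neither applies to execve(). The sample output below is constructed, modelled on the lines quoted above; the initrc_t, dir and named-transition lines are made up to exercise the parser. The context rewrite only swaps the type field; role_transition and range_transition rules, and a parent calling setexeccon() as in footnote [1], are not modelled.

```python
"""Resolve the SELinux domain a daemon would run in, from sesearch output.

Added example; not code from the original reply or from the setools project.
Assumes sesearch type_transition lines in either the setools 3 form
("src tgt : class dflt;") or the setools 4 form ("src tgt:class dflt;").
"""
import re
import sys

# Constructed sample modelled on the sesearch output quoted in the reply.
# The initrc_t, dir and named-transition lines are made up to exercise the
# parser; they are not copied from a real policy.
SAMPLE_SESEARCH_OUTPUT = """\
Found 6 semantic te rules:
  type_transition init_t cgconfig_exec_t : process cgconfig_t;
  type_transition init_t deltacloudd_exec_t : process deltacloudd_t;
  type_transition init_t dnsmasq_exec_t : process dnsmasq_t;
  type_transition init_t tmp_t : dir init_tmp_t;
  type_transition initrc_t dnsmasq_exec_t:process dnsmasq_t;
  type_transition init_t var_run_t:dir dnsmasq_var_run_t "dnsmasq";
"""

# type_transition <source> <target>[ ]:[ ]<class> <default>[ "<name>"];
RULE_RE = re.compile(
    r'^\s*type_transition\s+(?P<source>[^\s:]+)\s+(?P<target>[^\s:]+)'
    r'\s*:\s*(?P<tclass>[^\s:]+)\s+(?P<default>[^\s;"]+)'
    r'(?:\s+"(?P<name>[^"]*)")?\s*;\s*$'
)


def parse_type_transitions(text):
    """Return one dict per type_transition rule; header and blank lines are skipped."""
    return [m.groupdict() for m in map(RULE_RE.match, text.splitlines()) if m]


def domain_for_exec(rules, source_domain, exec_type):
    """Domain entered when source_domain execve()s a file labelled exec_type.

    Only unnamed rules on the process class count: a file-name based
    transition never applies to execve(). Returns None when no rule matches,
    i.e. the caller's domain is inherited (assuming execute is permitted).
    """
    hits = {r["default"] for r in rules
            if r["source"] == source_domain and r["target"] == exec_type
            and r["tclass"] == "process" and r["name"] is None}
    if len(hits) > 1:
        # A single compiled policy cannot hold two conflicting unnamed rules
        # for the same source/target/class, so this means output was mixed
        # from different policies.
        raise ValueError(f"conflicting transitions for {source_domain} -> "
                         f"{exec_type}: {sorted(hits)}")
    return hits.pop() if hits else None


def exec_context(rules, source_context, exec_type):
    """Mimic selinuxexeccon: rewrite only the type field of user:role:type[:range].

    Assumption: role and MLS range carry over unchanged; role_transition and
    range_transition rules, and a setexeccon() call by the parent, are not
    modelled here.
    """
    parts = source_context.split(":", 3)   # maxsplit keeps an MLS range intact
    if len(parts) < 3:
        raise ValueError(f"not a security context: {source_context!r}")
    domain = domain_for_exec(rules, parts[2], exec_type)
    if domain is not None:
        parts[2] = domain
    return ":".join(parts)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Live use, with the setools 3 flags from the reply:
        #   sesearch -CST -s init_t -c process | \
        #       python3 resolve.py system_u:system_r:init_t:s0 dnsmasq_exec_t
        rules = parse_type_transitions(sys.stdin.read())
        print(exec_context(rules, sys.argv[1], sys.argv[2]))
    else:
        rules = parse_type_transitions(SAMPLE_SESEARCH_OUTPUT)
        print(exec_context(rules, "system_u:system_r:init_t:s0", "dnsmasq_exec_t"))
```

On a real system the exec type to pass as the second argument is the third field of the file's label, e.g. from `ls -Z` as in the reply or from `stat -c %C /usr/sbin/dnsmasq`; when the script prints the source context unchanged, no process transition rule exists for that pair and selinuxexeccon should agree.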
