Hi All,
Apologies in advance if this is slightly off topic. Over the last few years I've gained some experience with SELinux using the targeted policy, but now after discovering the new support in RHEL5 I've decided to learn about the strict/mls policies and hopefully contribute in some way one day.
I have a test RHEL5 system running the strict policy, but I'm confused about how services/daemons can be controlled by the superuser. The sysadm_t does not have permission to execute initrc_exec_t, but does have permission to execute /usr/sbin/httpd directly as it's httpd_exec_t. The type_transition rules allow mainly the system startup types (init_t etc.) to transition to initrc_exec_t, but there is no transition from sysadm_t defined. This seems to say that services can only be started and stopped during bootup and shutdown.
Am I missing something here, or does a transition to initrc_exec_t need to be defined for some SELinux user via a policy module? Sorry if my terminology is a little off.
Kind Regards
Eoin