On 02/23/2010 05:40 AM, Stephen Smalley wrote:
On Mon, 2010-02-22 at 22:17 -0800, Justin P. Mattock wrote:
ahh.. I see what you mean by transition
e.g. with enable_upstart=0
under ps auxZ
I see everything is with sysadm_t
example when dbus starts:
with enable_upstart=0
system_u:system_r:sysadm_t
and continues to have sysadm_t
(with enable_upstart=1)
system_u:system_r:udev_t
and all other daemons etc.. go into their
proper name (udev_t, hald_t, xdm_t) down the line.
I've looked at the file contexts, and
am not seeing anything out of the ordinary
(but could be wrong).
any ideas?
Looks like /etc/init.d/rc is labeled correctly.
And /etc/init.d/rc and /etc/init.d/boot have the #!/bin/sh prefix?
Looking at the sysvinit code, it appears that it will invoke the command
specified in /etc/inittab via a shell if:
- the command string has any meta characters in it that need
interpretation (but your /etc/inittab didn't look that way), or
- the attempt to exec the command directly returns with errno ENOEXEC
(this will happen if the script lacks a #!/path/to/interpreter header).
The proper domain transition only happens upon direct execution of the
script, not if it is invoked indirectly via the shell.
I can go through all of these files again
to make sure #!/bin/sh is present.
(maybe strace will show something).
> The proper domain transition only happens upon direct execution of the
> script, not if it is invoked indirectly via the shell.
>
unlike small systems, this system has things going on everywhere I look.
Justin P. Mattock
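
The two conditions Stephen Smalley lists (metacharacters in the inittab command, or an exec that fails with ENOEXEC because the script has no interpreter header) can be checked in one pass over /etc/inittab. The following is an added example, not code from the thread or from sysvinit; the function names, the metacharacter set and the sample inittab are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The metacharacter set is an assumption, not taken from the thread.
META='[]~`!$^&*()=|\{}[;"<>?'"'"']'

# True if the inittab process string contains a shell metacharacter.
has_meta() { printf '%s\n' "$1" | grep -q "$META"; }

# True if the kernel can exec the file directly: "#!" script or ELF binary.
# Any other content makes the exec fail with ENOEXEC.
has_exec_header() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -c | tr -d ' \n')
    case $magic in
        '#!'*|177ELF) return 0 ;;
    esac
    return 1
}

# Classify one process field: direct, shell-meta or shell-enoexec.
classify() {
    if has_meta "$1"; then echo shell-meta; return 0; fi
    if has_exec_header "${1%% *}"; then echo direct; else echo shell-enoexec; fi
}

# Report every entry of an inittab file ($1) that would be run through a shell,
# i.e. every entry that would miss the domain transition on direct execution.
audit_inittab() {
    while IFS=: read -r id levels action process; do
        case $id in ''|'#'*) continue ;; esac
        how=$(classify "$process")
        [ "$how" = direct ] || echo "$id: $how: $process"
    done < "$1"
}

# Constructed sample: one script with a header, one without, one redirect.
demo() {
    d=$(mktemp -d)
    printf '#!/bin/sh\nexit 0\n' > "$d/rc"
    printf 'exit 0\n' > "$d/boot"
    printf '%s\n' "# constructed inittab" "si::bootwait:$d/boot" \
        "l3:3:wait:$d/rc 3" "x:5:respawn:$d/rc 5 > /dev/null" > "$d/inittab"
    audit_inittab "$d/inittab"
    rm -rf "$d"
}
demo
```

On a real system, `audit_inittab /etc/inittab` lists the entries to compare against the `ps auxZ` output.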