I am able to get init_t and local_login_t for init and login respectively.
The mistake was that I missed relabeling the file system, so all the executables were in the type file_t.
But it looks like my problem still remains somehow: when I try login it still shows me the wrong domain/type.
When I log in using 'login' (tty1), the context shows as user_u:user_r:chkpwd_t, and when I check in X (auto login to user 'meego' using 'uxlaunch') it shows as user_u:user_r:consoletype_t.
Attached is the "ps -aeZ" after relabeling the system.
Regards,
Madhu
On Fri, Jun 24, 2011 at 2:11 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Fri, 2011-06-24 at 09:44 -0400, c.r.madhusudhanan@xxxxxxxxx wrote:
> Hello Daniel, Stephen,
>
> Thanks for the quick reply.
>
> Yes it looks login runs in the wrong context,
> system_u:system_r:kernel_t and most of the processes are.
>
> I am loading selinux policies from init, so I would expect all daemons
> should show their respective contexts.
>
> Attached is the "ps -aeZ" output.
>
> BTW, when I do "run_init /etc/init.d/sshd restart" the context changes
> from
> "system_u:system_r:kernel_t" to "system_u:system_r:initrc_t" but not
> to sshd_t.

Once policy is loaded, you have to make the first transition to init_t
for the init process. That can be done in one of several ways:
- load policy before execing /sbin/init from the real root (e.g. from
initramfs), and then you'll transition naturally when you exec
the /sbin/init binary if the file is labeled init_exec_t. I think we
did this when using upstart in Fedora to avoid modifying upstart itself.
- load policy from within /sbin/init and then re-exec yourself, using an
environment variable or argument to only do on the first invocation.
This is what the original patches to SysVinit did in Fedora (and I think
it is what systemd does too).
- load policy from init and invoke setcon() to dynamically switch to the
init context before proceeding. Not preferred, but possible.
--
Stephen Smalley
National Security Agency
LABEL PID TTY TIME CMD
system_u:system_r:init_t 1 ? 00:00:04 init
system_u:system_r:kernel_t 2 ? 00:00:00 kthreadd
system_u:system_r:kernel_t 3 ? 00:00:00 ksoftirqd/0
system_u:system_r:kernel_t 4 ? 00:00:00 migration/0
system_u:system_r:kernel_t 5 ? 00:00:00 watchdog/0
system_u:system_r:kernel_t 6 ? 00:00:00 migration/1
system_u:system_r:kernel_t 7 ? 00:00:00 ksoftirqd/1
system_u:system_r:kernel_t 8 ? 00:00:00 watchdog/1
system_u:system_r:kernel_t 9 ? 00:00:00 migration/2
system_u:system_r:kernel_t 10 ? 00:00:00 ksoftirqd/2
system_u:system_r:kernel_t 11 ? 00:00:00 watchdog/2
system_u:system_r:kernel_t 12 ? 00:00:00 migration/3
system_u:system_r:kernel_t 13 ? 00:00:00 ksoftirqd/3
system_u:system_r:kernel_t 14 ? 00:00:00 watchdog/3
system_u:system_r:kernel_t 15 ? 00:00:00 events/0
system_u:system_r:kernel_t 16 ? 00:00:00 events/1
system_u:system_r:kernel_t 17 ? 00:00:00 events/2
system_u:system_r:kernel_t 18 ? 00:00:00 events/3
system_u:system_r:kernel_t 19 ? 00:00:00 cpuset
system_u:system_r:kernel_t 20 ? 00:00:00 khelper
system_u:system_r:kernel_t 21 ? 00:00:00 async/mgr
system_u:system_r:kernel_t 22 ? 00:00:00 pm
system_u:system_r:kernel_t 23 ? 00:00:00 sync_supers
system_u:system_r:kernel_t 24 ? 00:00:00 bdi-default
system_u:system_r:kernel_t 25 ? 00:00:00 kblockd/0
system_u:system_r:kernel_t 26 ? 00:00:00 kblockd/1
system_u:system_r:kernel_t 27 ? 00:00:00 kblockd/2
system_u:system_r:kernel_t 28 ? 00:00:00 kblockd/3
system_u:system_r:kernel_t 29 ? 00:00:00 kacpid
system_u:system_r:kernel_t 30 ? 00:00:00 kacpi_notify
system_u:system_r:kernel_t 31 ? 00:00:00 kacpi_hotplug
system_u:system_r:kernel_t 32 ? 00:00:00 ata_aux
system_u:system_r:kernel_t 33 ? 00:00:00 ata_sff/0
system_u:system_r:kernel_t 34 ? 00:00:00 ata_sff/1
system_u:system_r:kernel_t 35 ? 00:00:00 ata_sff/2
system_u:system_r:kernel_t 36 ? 00:00:00 ata_sff/3
system_u:system_r:kernel_t 37 ? 00:00:00 khubd
system_u:system_r:kernel_t 38 ? 00:00:00 kseriod
system_u:system_r:kernel_t 39 ? 00:00:00 kmmcd
system_u:system_r:kernel_t 40 ? 00:00:00 cfg80211
system_u:system_r:kernel_t 41 ? 00:00:00 kondemand/0
system_u:system_r:kernel_t 42 ? 00:00:00 kondemand/1
system_u:system_r:kernel_t 43 ? 00:00:00 kondemand/2
system_u:system_r:kernel_t 44 ? 00:00:00 kondemand/3
system_u:system_r:kernel_t 45 ? 00:00:00 kswapd0
system_u:system_r:kernel_t 46 ? 00:00:00 aio/0
system_u:system_r:kernel_t 47 ? 00:00:00 aio/1
system_u:system_r:kernel_t 48 ? 00:00:00 aio/2
system_u:system_r:kernel_t 49 ? 00:00:00 aio/3
system_u:system_r:kernel_t 50 ? 00:00:00 crypto/0
system_u:system_r:kernel_t 51 ? 00:00:00 crypto/1
system_u:system_r:kernel_t 52 ? 00:00:00 crypto/2
system_u:system_r:kernel_t 53 ? 00:00:00 crypto/3
system_u:system_r:kernel_t 61 ? 00:00:00 i915
system_u:system_r:kernel_t 62 ? 00:00:00 kslowd000
system_u:system_r:kernel_t 63 ? 00:00:00 kslowd001
system_u:system_r:kernel_t 64 ? 00:00:00 scsi_eh_0
system_u:system_r:kernel_t 65 ? 00:00:00 scsi_eh_1
system_u:system_r:kernel_t 68 ? 00:00:00 scsi_eh_2
system_u:system_r:kernel_t 69 ? 00:00:00 scsi_eh_3
system_u:system_r:kernel_t 70 ? 00:00:00 smflush
system_u:system_r:kernel_t 71 ? 00:00:00 kpsmoused
system_u:system_r:kernel_t 72 ? 00:00:00 usbhid_resumer
system_u:system_r:kernel_t 73 ? 00:00:00 l2cap
system_u:system_r:kernel_t 74 ? 00:00:00 krfcommd
system_u:system_r:kernel_t 76 ? 00:00:00 btrfs-worker-0
system_u:system_r:kernel_t 77 ? 00:00:00 btrfs-genwork-0
system_u:system_r:kernel_t 78 ? 00:00:00 btrfs-submit-0
system_u:system_r:kernel_t 79 ? 00:00:00 btrfs-delalloc-
system_u:system_r:kernel_t 80 ? 00:00:00 btrfs-fixup-0
system_u:system_r:kernel_t 82 ? 00:00:00 btrfs-endio-met
system_u:system_r:kernel_t 83 ? 00:00:00 btrfs-endio-met
system_u:system_r:kernel_t 85 ? 00:00:00 btrfs-cleaner
system_u:system_r:kernel_t 86 ? 00:00:00 btrfs-transacti
system_u:system_r:kernel_t 87 ? 00:00:00 btrfs-endio-met
system_u:system_r:udev_t 118 ? 00:00:00 udevd
system_u:system_r:kernel_t 304 ? 00:00:00 btrfs-endio-1
system_u:system_r:kernel_t 343 ? 00:00:00 hd-audio0
system_u:system_r:kernel_t 349 ? 00:00:00 kjournald
system_u:system_r:kernel_t 364 ? 00:00:00 flush-btrfs-1
system_u:system_r:system_dbusd_t 373 ? 00:00:00 dbus-daemon
system_u:system_r:initrc_t 389 ? 00:00:00 connmand
system_u:system_r:syslogd_t 392 ? 00:00:00 syslogd
system_u:system_r:NetworkManager_t 397 ? 00:00:00 wpa_supplicant
system_u:system_r:klogd_t 398 ? 00:00:00 klogd
system_u:system_r:auditd_t 404 ? 00:00:00 auditd
system_u:system_r:kernel_t 407 ? 00:00:00 kauditd
system_u:system_r:initrc_t 422 ? 00:00:00 dsme
system_u:system_r:initrc_t 427 ? 00:00:00 dsme-server
system_u:system_r:initrc_t 430 ? 00:00:00 S50sensord
system_u:system_r:initrc_t 432 ? 00:00:00 bash
system_u:system_r:initrc_t 434 ? 00:00:00 sensord
system_u:system_r:initrc_t 435 ? 00:00:00 timed
system_u:system_r:sshd_t 445 ? 00:00:00 sshd
system_u:system_r:avahi_t 452 ? 00:00:00 avahi-daemon
system_u:system_r:avahi_t 453 ? 00:00:00 avahi-daemon
system_u:system_r:init_t 462 ? 00:00:00 uxlaunch
system_u:system_r:initrc_t 464 ? 00:00:00 ofonod
system_u:system_r:bluetooth_t 466 ? 00:00:00 bluetoothd
system_u:system_r:init_t 471 ? 00:00:00 uxlaunch
user_u:user_r:consoletype_t 491 tty2 00:00:04 Xorg
user_u:user_r:consoletype_t 494 ? 00:00:00 ssh-agent
system_u:system_r:consolekit_t 496 ? 00:00:00 console-kit-dae
user_u:user_r:consoletype_t 564 ? 00:00:00 dbus-daemon
user_u:user_r:consoletype_t 567 ? 00:00:00 gconfd-2
user_u:user_r:consoletype_t 570 ? 00:00:00 startivi
user_u:user_r:consoletype_t 578 ? 00:00:00 msyncd
user_u:user_r:consoletype_t 580 ? 00:00:00 udiskie
user_u:user_r:consoletype_t 582 ? 00:00:00 obex-client
user_u:user_r:consoletype_t 583 ? 00:00:00 corewatcher-app
user_u:user_r:consoletype_t 584 ? 00:00:00 matchbox-window
user_u:user_r:consoletype_t 585 ? 00:00:00 ividesktop
user_u:user_r:consoletype_t 587 ? 00:00:00 tracker-miner-f
user_u:user_r:consoletype_t 588 ? 00:00:00 gpk-update-icon
user_u:user_r:consoletype_t 589 ? 00:00:09 ivihome
user_u:user_r:consoletype_t 598 ? 00:00:00 pulseaudio
user_u:user_r:consoletype_t 604 ? 00:00:00 festival
system_u:system_r:devicekit_disk_t 613 ? 00:00:00 udisks-daemon
system_u:system_r:devicekit_disk_t 616 ? 00:00:00 udisks-daemon
user_u:user_r:consoletype_t 625 ? 00:00:00 xterm
user_u:user_r:consoletype_t 629 pts/0 00:00:00 bash
system_u:system_r:kernel_t 647 ? 00:00:00 btrfs-worker-1
system_u:system_r:kernel_t 648 ? 00:00:00 btrfs-worker-2
system_u:system_r:kernel_t 699 ? 00:00:00 btrfs-endio-wri
system_u:system_r:kernel_t 700 ? 00:00:00 btrfs-endio-wri
system_u:system_r:udev_t 704 ? 00:00:00 udevd
system_u:system_r:udev_t 705 ? 00:00:00 udevd
user_u:user_r:consoletype_t 716 ? 00:00:00 tracker-store
user_u:user_r:consoletype_t 719 ? 00:00:00 tumblerd
system_u:system_r:system_dbusd_t 861 ? 00:00:00 packagekitd
system_u:system_r:devicekit_power_t 863 ? 00:00:00 upowerd
system_u:system_r:system_dbusd_t 880 ? 00:00:00 polkitd
system_u:system_r:local_login_t 926 ? 00:00:00 login
user_u:user_r:chkpwd_t 930 tty1 00:00:00 bash
system_u:system_r:kernel_t 959 ? 00:00:00 btrfs-endio-met
user_u:user_r:consoletype_t 970 pts/0 00:00:18 firefox-bin
user_u:user_r:consoletype_t 1009 ? 00:00:00 xterm
user_u:user_r:consoletype_t 1011 pts/1 00:00:00 bash
user_u:user_r:consoletype_t 1025 pts/1 00:00:00 bash
system_u:system_r:kernel_t 1044 ? 00:00:00 btrfs-endio-wri
user_u:user_r:consoletype_t 1046 pts/1 00:00:00 ps
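
Added example, not part of the original messages: a triage pass over "ps -eZ" output that separates the three symptoms seen in this thread (PID 1 never leaving kernel_t, daemons left in initrc_t, user sessions in a helper domain). The function name, the finding labels and the default user_t session type are assumptions; the AFTER rows are excerpted from the listing above and the BEFORE rows are constructed.

```python
import re

# One "ps -eZ" row: LABEL PID TTY TIME CMD. The header row fails the \d+ PID match.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(.+)$")

def triage(listing, init_type="init_t", user_type="user_t"):
    """Group processes whose type points at a missed domain transition.
    init_type and user_type are assumptions about the loaded policy."""
    findings = {"init_not_transitioned": [], "left_in_initrc_t": [],
                "wrong_session_domain": []}
    for line in listing.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        context, pid, _tty, _time, cmd = m.groups()
        fields = context.split(":")
        if len(fields) < 3:
            continue
        role, type_ = fields[1], fields[2]
        entry = (int(pid), cmd, type_)
        if int(pid) == 1 and type_ != init_type:
            # PID 1 never made the first transition; its children inherit the type.
            findings["init_not_transitioned"].append(entry)
        elif type_ == "initrc_t":
            # Init scripts run here legitimately; a long-running daemon here had
            # no transition (check the label on its executable).
            findings["left_in_initrc_t"].append(entry)
        elif role == "user_r" and type_ != user_type:
            findings["wrong_session_domain"].append(entry)
    return findings

# Constructed rows for the state described in the quoted message.
BEFORE = """LABEL PID TTY TIME CMD
system_u:system_r:kernel_t 1 ? 00:00:04 init
system_u:system_r:kernel_t 445 ? 00:00:00 sshd"""

# Rows excerpted from the listing attached to this message.
AFTER = """LABEL PID TTY TIME CMD
system_u:system_r:init_t 1 ? 00:00:04 init
system_u:system_r:kernel_t 2 ? 00:00:00 kthreadd
system_u:system_r:initrc_t 389 ? 00:00:00 connmand
system_u:system_r:sshd_t 445 ? 00:00:00 sshd
user_u:user_r:consoletype_t 491 tty2 00:00:04 Xorg
system_u:system_r:local_login_t 926 ? 00:00:00 login
user_u:user_r:chkpwd_t 930 tty1 00:00:00 bash"""

if __name__ == "__main__":
    for name, rows in triage(AFTER).items():
        print(name, rows)
```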