On 08/22/2012 09:36 PM, Michael Hampton wrote:
> I am trying to write a SELinux policy for a daemon which will be started from an init script on CentOS 6. I seem to be most of the way there, except when running its init script (with "service bitcoin start"), the daemon starts and runs as unconfined_u:
>
>     ps -eZ | grep bitcoin
>     unconfined_u:system_r:bitcoin_t:s0 19993 ? 00:00:00 bitcoind
>
> I generated the policy using selinux-polgengui which was included with CentOS 6 selecting "Standard Init Daemon".
>
> The init script seems to be correctly labeled:
>
>     root@buildbox-el6 ~ # ls -Z /etc/rc.d/init.d/bitcoin
>     -rwxr-xr-x. root root system_u:object_r:bitcoin_initrc_exec_t:s0 /etc/rc.d/init.d/bitcoin
>
> The daemon also seems to be correctly labeled:
>
>     root@buildbox-el6 ~ # ls -Z /usr/sbin/bitcoind
>     -rwxr-xr-x. root root system_u:object_r:bitcoin_exec_t:s0 /usr/sbin/bitcoind
>
> The bitcoin.if and bitcoin.te are as generated by the tool, though I can provide them if necessary.
>
> I expected the daemon to run as system_u. When the system boots, the daemon is started as system_u as expected, but not when I start or restart it with 'service bitcoin restart'.
>
> What's going on here and how do I fix it?
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
If you execute

    # run_init service bitcoin restart

on CentOS 6 you will end up with system_u as you expect. Basically if you execute a service script as unconfined_u, then your identity is not supposed to be changed.
Regards,
Miroslav
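Added example, not part of the original thread: a shell check over `ps -eZ` output that reports processes in a given domain whose SELinux user is not system_u, which is the mismatch discussed above. The function names and the sample lines are constructed for illustration (the bitcoind line is the one quoted in the thread).

```shell
#!/bin/sh
# Added example: report processes in one SELinux domain whose SELinux user
# differs from the expected one. Input is `ps -eZ` output on stdin.
# Output: one line per mismatch, "<pid> <command> <selinux_user>".

# usage: ps -eZ | selinux_user_mismatches <domain_type> [expected_user]
selinux_user_mismatches() {
    awk -v want_type="$1" -v want_user="${2:-system_u}" '
        NR == 1 && $1 == "LABEL" { next }   # skip the ps header line
        {
            # A context is user:role:type:level. The level may itself
            # contain colons (s0-s0:c0.c1023), so only the first three
            # fields are read by position.
            n = split($1, ctx, ":")
            if (n < 3) next                 # no full context, e.g. "-"
            if (ctx[3] == want_type && ctx[1] != want_user)
                printf "%s %s %s\n", $2, $NF, ctx[1]
        }'
}

# Constructed sample input in `ps -eZ` format.
sample_ps_output() {
    cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:01 init
system_u:system_r:sshd_t:s0-s0:c0.c1023 1482 ? 00:00:00 sshd
unconfined_u:system_r:bitcoin_t:s0 19993 ?     00:00:00 bitcoind
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 20011 pts/0 00:00:00 bash
EOF
}

# Run against the sample; on a live system use: ps -eZ | selinux_user_mismatches bitcoin_t
sample_ps_output | selinux_user_mismatches bitcoin_t
```

A daemon started at boot, or restarted through run_init as described in the reply, produces no output from this check.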