selinux adventures/troubles

[Michal Jaegermann]

On Sun, Jan 04, 2009 at 02:29:44PM -0500, Daniel J Walsh wrote:
> > 
> If you execute service sshd restart from the unconfined_t user does it
> still start as system_crond_t?

# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
# ps -eZ | grep ssh
system_u:system_r:system_crond_t:s0 23026 ?    00:00:00 sshd
system_u:system_r:system_crond_t:s0 23074 ?    00:00:00 sshd

and the same after logging out and loging back in.

/usr/sbin/sshd has system_u:object_r:sshd_exec_t:s0 for its label.

> I actually just upgraded my Fathers machine from F8 to F10 and had a
> problem with the root account not being setup to login correctly.  But I
> saw no problems with sshd?

Other problems may show up yet.  I do not know.

I do not think that this happens consistently across installations
and so far I do not see any rhyme or reason.  On another box you may
not even notice that something is amiss.  It is not hard to imagine
that you _think_ that you have a selinux protection after an upgrade
while in reality everything is totally out-of-whack.

The other machine which went through F8->F10 upgrade, and which I
was using for comparisons, does not give me any grief but I am not
sure if it really looks like it should.

   Michal