[redhat-lspp] Expected Behaviour of open_init_pty
Daniel J Walsh
dwalsh at redhat.com
Tue Jun 6 20:40:23 UTC 2006
Stephen Smalley wrote:
> On Wed, 2006-05-31 at 15:06 -0300, Glauber de Oliveira Costa wrote:
>
>> Hi folks,
>>
>> In terms type/level , who should be able to successfully run the open_init_pty
>> command ? From system usage, it seems that secadm_r e sysadm_r are forbidden
>> open_init_pty execution, but I need something stronger than a guess.
>>
>> It would be nice if someone can give me some guidance on this.
>>
>
> I think run_init / open_init_pty serve no purpose in Fedora or RHEL, as
> the Red Hat policies permit direct transitions to initrc_t without using
> run_init. In some other distributions that integrate SELinux, use of
> run_init is necessary. I would expect sysadm to be able to use run_init
> (and thus open_init_pty).
>
>
run_init is required in MLS to restart the daemons. Direct transitions
are turned off.
More information about the redhat-lspp
mailing list