/sbin/service and /usr/sbin/run_init
Stephen Smalley
sds at epoch.ncsc.mil
Tue Apr 6 18:25:31 UTC 2004
On Tue, 2004-04-06 at 12:49, Gene Czarcinski wrote:
> The various selinux documentation states that /usr/sbin/run_init should be
> used to start the various scripts in /etc/init.d/ to ensure that that have
> the correct selinux charactertics.
>
> I notice that service does not use run_init. Is this a problem?
The direct_sysadm_daemon tunable in tunable.te allows direct transitions
upon executing /etc/init.d scripts or daemons from an admin shell, so
that you don't have to use run_init if that tunable is set. There is a
tradeoff in security vs. useability.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list