mDNSResponder running in user_t
Tom London
selinux at gmail.com
Sat Oct 2 22:33:56 UTC 2004
Yup. That seems to fix it. mDNSResponser now transitions
to howl_t.
I'll file a bugzilla against howl:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134456
thanks,
tom
On Sat, 02 Oct 2004 18:19:34 -0400, Richard Hally <rhally at mindspring.com> wrote:
>
>
> Tom London wrote:
>
> >Running strict/enforcing, off of latest Rawhide.
> >
> >'ps agxZ' yields:
> >system_u:system_r:rpcd_t 2419 ? Ss 0:00 rpc.statd
> >system_u:system_r:rpcd_t 2447 ? Ss 0:00 rpc.idmapd
> >user_u:user_r:user_t 2551 ? Ssl 0:00 mDNSResponder
> >system_u:system_r:fsdaemon_t 2563 ? S 0:00 /usr/sbin/smartd
> >
> >Should mDNSResponder be running as user_u:user_r:user_t?
> >daemon_base_domain() generates a
> >domain_auto_trans(initrc_t, howl_exec_t, howl_t)
> >
> >So, should it be running in howl_t?
> >
> >It gets started from /etc/rc.d/init.d/mDNSResponder:
> > su -s /bin/bash - nobody -c mDNSResponder $OTHER_MDNSRD_OPTS
> >
> >
> >>/dev/null
> >>
> >>
> >
> >That right?
> > tom
> >
> >
> Dan Walsh has come up with a new program called "runuser" (in the
> latest coreutils) that is intended to replace "su" in these situations
> (e.g. init scripts) . Try replacing "su" with "runuser" in the script
> and see what happens.
> HTH
> Richard Hally
>
>
--
Tom London
More information about the fedora-selinux-list
mailing list