Stuck in init_t

Sciola, Dario Dario.Sciola at cse-cst.gc.ca
Wed May 14 15:12:30 UTC 2008


Classification: UNCLASSIFIED

Hi,

I've got a small application that I'm trying to get running as a service
on an FC8 SELinux box. I've got an entry in my inittab file to kick
start the app, but all my attempts at writing an appropriate policy
leave that app running in the init_t domain.

The inittab file entry is:

 cds:2345:respawn:/usr/bin/CDSserver -l -p 2732
 
ps -efZ (observing this as a 'root' user) gives:

system_u:system_r:init_t:s0 root 2663 1 0 10:01 ?  00:00:00 /usr/bin/CDSserver -l -p 2732

My .te file contains:

   policy_module(cdsserver,1.0.3) 

   ########################################
   #
   # Declarations
   #
   ########################################

   # Type declarations
   ###################

   # the target domain:
   type cds_t;

   # Entrypoint for exec
   type cds_exec_t;


   # domain type
   #domain_type(cds_t)

   # Mark cds_t as a domain and cds_exec_t as an entrypoint
   init_daemon_domain(cds_t, cds_exec_t)

   domain_entry_file(cds_t, cds_exec_t)

   allow cds_t self:process execmem;

   ...

My .fc file contains:

   /usr/bin/CDSserver --   gen_context(system_u:object_r:cds_exec_t,s0)


My .if file contains:

   interface(`cds_domtrans',`
        gen_require(`
                type cds_t, cds_exec_t;
        ')

        domain_auto_trans($1,cds_exec_t,cds_t)
 
        allow $1 cds_t:fd use;
        allow cds_t $1:fd use;
        allow cds_t $1:fifo_file rw_file_perms;
        allow cds_t $1:process sigchld;
   ')

I've also tried putting init_t as $1 in the domain_auto_trans().

Why isn't the process transitioning to cds_t? I've looked at a lot of
sites and examples and can't seem to figure out my problem. The policy
is the targeted FC8 policy. Module compiles and loads (semodule) fine.

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 21
Policy from config file:        targeted
  
Any ideas?


Dario Sciola
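
Two checks that narrow down a missed domain transition like the one described above, as an added example that is not part of the original post: whether the executable carries the entrypoint type on disk, and whether the loaded policy has a type_transition from the parent's domain. The function name, verdict strings and sample rule text are constructed for illustration; the contexts and type names are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Inputs are passed as text so the
# logic runs anywhere; on a live system they would come from:
#   stat -c %C /usr/bin/CDSserver                   # on-disk context
#   matchpathcon -n /usr/bin/CDSserver              # context the loaded .fc expects
#   sesearch -T -s init_t -t cds_exec_t -c process  # type_transition rules

# The type is the third field of user:role:type[:level].
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# diagnose_transition FILE_CTX EXPECTED_CTX PARENT_DOMAIN TARGET_DOMAIN RULES
# Prints one verdict line starting with "relabel:", "no-rule:" or "ok:".
diagnose_transition() {
    file_type=$(ctx_type "$1")
    want_type=$(ctx_type "$2")
    parent=$3 target=$4 rules=$5

    # 1. Loading a module does not relabel existing files: the executable
    #    must actually carry the entrypoint type on disk.
    if [ "$file_type" != "$want_type" ]; then
        echo "relabel: file is $file_type, policy expects $want_type (restorecon -v the file)"
        return 0
    fi

    # 2. The transition is keyed on the domain that calls exec(), so the rule
    #    must name the parent's domain. sesearch prints " : " or ":" depending
    #    on the setools version; normalise before matching.
    want_rule="type_transition $parent $file_type:process $target;"
    if printf '%s\n' "$rules" | sed 's/ *: */:/' | grep -qF "$want_rule"; then
        echo "ok: $want_rule"
    else
        echo "no-rule: policy has no '$want_rule'"
    fi
}

# Constructed sample: the file is labelled correctly, but the only rule into
# cds_t starts from initrc_t, while the ps output shows the parent is init_t.
SAMPLE_RULES='type_transition initrc_t cds_exec_t : process cds_t;'
diagnose_transition 'system_u:object_r:cds_exec_t:s0' \
    'system_u:object_r:cds_exec_t:s0' init_t cds_t "$SAMPLE_RULES"
```

Defining an interface in a .if file adds no rules by itself, so the second check reports on what the loaded policy actually contains rather than on what the module source declares.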
