selinux adventures/troubles
Daniel J Walsh
dwalsh at redhat.com
Tue Jan 6 14:15:25 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michal Jaegermann wrote:
> On Sun, Jan 04, 2009 at 02:29:44PM -0500, Daniel J Walsh wrote:
>> If you execute service sshd restart from the unconfined_t user does it
>> still start as system_crond_t?
>
> # /etc/init.d/sshd restart
> Stopping sshd: [ OK ]
> Starting sshd: [ OK ]
> # ps -eZ | grep ssh
> system_u:system_r:system_crond_t:s0 23026 ? 00:00:00 sshd
> system_u:system_r:system_crond_t:s0 23074 ? 00:00:00 sshd
>
> and the same after logging out and loging back in.
>
> /usr/sbin/sshd has system_u:object_r:sshd_exec_t:s0 for its label.
>
>> I actually just upgraded my Fathers machine from F8 to F10 and had a
>> problem with the root account not being setup to login correctly. But I
>> saw no problems with sshd?
>
> Other problems may show up yet. I do not know.
>
> I do not think that this happens consistently across installations
> and so far I do not see any rhyme or reason. On another box you may
> not even notice that something is amiss. It is not hard to imagine
> that you _think_ that you have a selinux protection after an upgrade
> while in reality everything is totally out-of-whack.
>
> The other machine which went through F8->F10 upgrade, and which I
> was using for comparisons, does not give me any grief but I am not
> sure if it really looks like it should.
>
> Michal
>
Can you execute
yum reinstall selinux-policy-targeted
and tell me if it gives you any errors?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkljZ30ACgkQrlYvE4MpobPvVACgq355BHSRYWjboVp9jbhQO3o2
XNsAnRMtAMVeClVRZERowE3ULxVEuuy9
=YCRs
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list