glibc updates and sshd
Stephen Smalley
sds at epoch.ncsc.mil
Thu Aug 12 18:55:47 UTC 2004
Hi,
rpm runs a helper after glibc updates that does a /sbin/service sshd
condrestart. The present policy doesn't properly transition domains for
this restarting of sshd by rpm, so if you have updated your glibc, your
sshd may be running in the wrong domain. ps -eZ | grep sshd should show
a context of system_u:system_r:sshd_t. If it does not, then do a
/sbin/service sshd condrestart. Policy patch below.
Index: policy/domains/program/unused/rpm.te
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/policy/domains/program/unused/rpm.te,v
retrieving revision 1.24
diff -u -r1.24 rpm.te
--- policy/domains/program/unused/rpm.te 12 Jul 2004 16:41:48 -0000 1.24
+++ policy/domains/program/unused/rpm.te 12 Aug 2004 18:42:44 -0000
@@ -59,6 +59,7 @@
allow rpm_t devtty_t:chr_file rw_file_perms;
domain_auto_trans(rpm_t, ldconfig_exec_t, ldconfig_t)
+domain_auto_trans(rpm_t, initrc_exec_t, initrc_t)
ifdef(`cups.te', `
r_dir_file(cupsd_t, rpm_var_lib_t)
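Review bot: The added domain_auto_trans(rpm_t, initrc_exec_t, initrc_t) line has no comment saying why rpm_t needs to enter initrc_t, and the rule covers every initrc_exec_t script that rpm_t executes, not only the sshd condrestart described in the message. Add a one-line comment above it (for example, that rpm helpers restart services such as sshd after a glibc update) and confirm that transitioning for all init scripts run from rpm_t is intended.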
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
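The `ps -eZ | grep sshd` check described in the message, written as a script. This is an added example, not part of the original post. The function name `check_sshd_domain` and the sample listing are constructed for illustration, and the usual `ps -eZ` column layout (LABEL PID TTY TIME CMD) is assumed.

```shell
#!/bin/sh
# Reads `ps -eZ` output on stdin and prints "PID CONTEXT" for every sshd
# process whose SELinux type is not sshd_t. Returns 1 if any were found.
check_sshd_domain() {
    awk -v want="sshd_t" '
        NR == 1 && $1 == "LABEL" { next }   # skip the header row
        $NF != "sshd" { next }              # match the command column only,
                                            # so a "grep sshd" line is ignored
        {
            # context is user:role:type, optionally followed by an MLS level
            n = split($1, field, ":")
            if (n < 3 || field[3] != want) { print $2, $1; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample listing (not captured from a real host). PID 2077 stands
# for an sshd restarted without a domain transition; the rpm_t label on it is
# illustrative.
SAMPLE='LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t            1 ?        00:00:01 init
system_u:system_r:sshd_t         1412 ?        00:00:00 sshd
system_u:system_r:rpm_t          2077 ?        00:00:00 sshd
system_u:system_r:sshd_t:s0-s0:c0.c1023 2101 ? 00:00:00 sshd'

printf '%s\n' "$SAMPLE" | check_sshd_domain ||
    echo "sshd outside sshd_t: run /sbin/service sshd condrestart"
```

On a live system, feed it real data with `ps -eZ | check_sshd_domain`.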