crond and /usr/bin/run-parts
Fritz Elfert
fritz.elfert at millenux.com
Thu May 27 18:54:59 UTC 2004
After you mentioned run_init, I read its manpage and tried "run_init
service crond restart". Didn't work out of the box, but that was an easy
one. Just added the following into my local.te:
allow run_init_t sbin_t:file { read execute };
Now I can manually restart services properly with "run_init service
whatever restart". Probably, /sbin/service should get a dedicated
attribute instead of just system_u:object_r:sbin_t. Then one could have a
tighter rule describing what run_init_t is allowed to execute.
Ciao
-Fritz
On Thu, 27 May 2004, Stephen Smalley wrote:
> On Thu, 2004-05-27 at 14:00, Fritz Elfert wrote:
> > Thanks a lot, that did the trick.
>
> Good. I think we have to make a change to policy/constraints in the
> policy sources to avoid the problem in the future, as the crond process
> will revert to root:system_r:crond_t if you restart it by hand again
> without using runcon or run_init.
>
>
--
Fritz Elfert <fritz.elfert at millenux.com> Millenux GmbH
Lilienthalstr. 2 Phone: +49 711 88770 400
70825 Stuttgart FAX: +49 711 88770 449