mysqld_disable_trans leaves mysqld running as initrc_t?
Stephen Smalley
sds at tycho.nsa.gov
Thu Dec 8 19:44:37 UTC 2005
On Thu, 2005-12-08 at 14:31 -0500, Chuck Anderson wrote:
> I've disabled SELinux protection of mysqld since it was causing major
> performance problems.
More information about those performance problems would be of interest.
> This fixed the problem. However, is mysqld supposed to be running as
> initrc_t instead of unconfined_t when mysqld_disable_trans is set?
In FC4 and later, yes. FC4 re-introduced the use of separate initial
domains for system initialization, transitioning later to unconfined_t,
rather than starting the system in unconfined_t as in FC3, which allows
some useful distinctions to be made. But in targeted policy, initrc.te
contains unconfined_domain(initrc_t), so it still ends up with full
permissions.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list