hotplug_t?
Axel Thimm
Axel.Thimm at ATrpms.net
Tue Aug 1 13:27:25 UTC 2006
On Tue, Aug 01, 2006 at 02:24:26PM +0100, Paul Howarth wrote:
> Axel Thimm wrote:
> >On Tue, Aug 01, 2006 at 09:16:04AM -0400, Stephen Smalley wrote:
> >>On Tue, 2006-08-01 at 14:51 +0200, Axel Thimm wrote:
> >>>Does the following output help? Looks like anything called from sshd
> >>>gets into hotplug_t. The main sshd process runs under
> >>>system_u:system_r:kernel_t.
> >>sshd running in kernel_t is the problem; that should never happen (init
> >>transitions to init_t, then everything flows from it; nothing should
> >>ever transition back into kernel_t). Only kernel threads should have
> >>kernel_t (init will start life as kernel_t but then transition; usermode
> >>helpers like modprobe and hotplug should transition upon the exec).
> >
> >Hm. there are tons of processes in kernel_t, in fact almost everything
> >but sshd initiated processes, httpd, rotatelog and spamd.
> >
> >Maybe I need to restart init yet another time (e.g. reboot). Would
> >that make sense?
> >
> >I'll reboot the system in ~9h and check again whether any process but
> >kernel threads got lost in kernel_t.
>
> Is /sbin/init labelled as system_u:object_r:init_exec_t ?
Yes, it is.
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20060801/2b11b63f/attachment.sig>
More information about the fedora-selinux-list
mailing list