hotplug_t?

[Stephen Smalley]

On Tue, 2006-08-01 at 15:21 +0200, Axel Thimm wrote:
> On Tue, Aug 01, 2006 at 09:16:04AM -0400, Stephen Smalley wrote:
> > On Tue, 2006-08-01 at 14:51 +0200, Axel Thimm wrote:
> > > Does the following output help? Looks like anything called from sshd
> > > gets into hotplug_t. The main sshd process runs under
> > > system_u:system_r:kernel_t.
> > 
> > sshd running in kernel_t is the problem; that should never happen (init
> > transitions to init_t, then everything flows from it; nothing should
> > ever transition back into kernel_t).  Only kernel threads should have
> > kernel_t (init will start life as kernel_t but then transition; usermode
> > helpers like modprobe and hotplug should transition upon the exec).
> 
> Hm. there are tons of processes in kernel_t, in fact almost everything
> but sshd initiated processes, httpd, rotatelog and spamd.
> 
> Maybe I need to restart init yet another time (e.g. reboot). Would
> that make sense?

It would if init were running in kernel_t too.  But given that it is
running in init_t, I don't understand how its descendants got back to
kernel_t.  Unless the transition to init_t happened after starting the
descendants, e.g. you manually told init to re-exec via telinit.

> I'll reboot the system in ~9h and check again whether any process but
> kernel threads got lost in kernel_t.

-- 
Stephen Smalley
National Security Agency