su user -c problem

Gene Heskett gene.heskett at verizon.net
Sun Jan 6 21:46:11 UTC 2008


On Sunday 06 January 2008, Todd Zullinger wrote:
>Gene Heskett wrote:
>> For years, I have been starting fetchmail as a background daemon by
>> having the line:
>> su user -c "fetchmail -d etc etc" in my rc.local script.
>>
>> Forced to re-install because something wiped the partition table on
>> my boot drive, I installed F8 and I believe it was up to date as of
>> last night.
>>
>> But, it's not running anymore via that procedure, and
>> setroubleshoot's gui will display that it was denied at the time of
>> the boot.
>>
>> It still works perfectly if I cut/paste that line into a root shell
>> after I'm logged in.
>>
>> How can I address this?
>
>I've got similar things in /etc/rc.local that used to use su -c.  I
>don't recall having them get denied outright, but the programs that
>were run definitely didn't pick up the proper SELinux contexts.  So I
>now have a few entries like this:
>
>runcon user_u:system_r:unconfined_t -- runuser -l -c "screen -dm" tmz

I'm afraid I have pretty close to a NDI what that will do, Todd.  And your use
of the words 'used to' above also tells me you are doing this su user -c
function differently now.  Can you elaborate?  The manpage for runcon is so
concise as to be obtuse.

Here is the line in question, in rc.local, that does not now work:

su gene -c "fetchmail -d 90 --fetchmailrc /home/gene/.fetchmailrc"

Can you translate that into a 'runcon' style line please?

Thanks.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Failure is not an option -- it comes bundled with Windows. 



