Domain transition missing
Vadym Chepkov
chepkov at yahoo.com
Sat Jul 4 12:11:18 UTC 2009
Hi,
Last night I got a nasty surprise from selinux. I am using winbind for external authentication and since it has history of failures I have a simple watchdog implemented to check the status and restart it if necessary. That is what happened last night and as a law abiding selinux citizen I used 'service winbind restart', but it seems the proper domain transitions is missing and winbind was started in system_cronjob_t domain instead of winbind_t and none of other domains could connect to it.
I think jobs running from cron should be granted the same transition rules as from unconfined_t.
I will file bugzilla report about it, but could somebody help me with modifying my local policy until/if it gets implemented, please? Thank you.
Sincerely yours,
Vadym Chepkov
More information about the fedora-selinux-list
mailing list