SELinux default contexts and PAM session?
Brian Ginn
BGinn at symark.com
Fri May 15 21:47:50 UTC 2009
I have a server app that runs from xinetd.
This server's job is to exec a program.
This app is not yet confined by SELinux policy.
When I use PAM session service, audit.log shows:
type=USER_ROLE_CHANGE msg=audit(1242413723.389:14866): user pid=24149 uid=0 auid=0 subj=system_u:system_r:inetd_t:s0-s0:c0.c1023 msg='pam: default-context=root:system_r:amanda_t:s0-s0:c0.c1023 selected-context=root:system_r:amanda_t:s0-s0:c0.c1023: exe="/usr/sbin/myserverd" (hostname=?, addr=?, terminal=ptmx res=success)'
Somehow, SELinux is deciding that the default context should be ...amanda_t...
How is that decision made?
Can I create a more correct context (that will be recognized as the default context) without confining the server?
Thanks,
Brian
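As an added example (not part of the original post), this parses the USER_ROLE_CHANGE record quoted above into the calling domain, the default and selected contexts, and the executable, then flags a session type that is not on an allowlist. The allowlist and the type name `myserverd_t` are hypothetical.

```python
import re

# Audit record quoted in the post, embedded as sample input.
RECORD = (
    "type=USER_ROLE_CHANGE msg=audit(1242413723.389:14866): user pid=24149 uid=0 "
    "auid=0 subj=system_u:system_r:inetd_t:s0-s0:c0.c1023 "
    "msg='pam: default-context=root:system_r:amanda_t:s0-s0:c0.c1023 "
    "selected-context=root:system_r:amanda_t:s0-s0:c0.c1023: "
    'exe="/usr/sbin/myserverd" (hostname=?, addr=?, terminal=ptmx res=success)\''
)

# key=value pairs of interest; values are either quoted or run to whitespace, ' or ).
FIELD = re.compile(
    r'(?:^|\s)(type|subj|default-context|selected-context|exe|res)=("[^"]*"|[^\s\')]+)')

def split_context(ctx):
    """Split user:role:type[:range]; the MLS range may itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return dict(zip(("user", "role", "type", "range"), parts + [None]))

def parse_role_change(line):
    """Return the parsed record, or None if it is not a USER_ROLE_CHANGE."""
    # selected-context is followed by a literal ':' in the record, hence rstrip.
    f = {k: v.strip('"').rstrip(":") for k, v in FIELD.findall(line)}
    if f.get("type") != "USER_ROLE_CHANGE":
        return None
    return {
        "exe": f.get("exe"),
        "res": f.get("res"),
        "subject": split_context(f["subj"]),
        "default": split_context(f["default-context"]),
        "selected": split_context(f["selected-context"]),
    }

def review(rec, allowed):
    """allowed: hypothetical map of exe path to acceptable session types."""
    findings = []
    sel, dflt = rec["selected"]["type"], rec["default"]["type"]
    if sel != dflt:
        findings.append(f"selected type {sel} overrides default {dflt}")
    if sel not in allowed.get(rec["exe"], set()):
        findings.append(
            f"{rec['exe']} (from {rec['subject']['type']}) got session type {sel}")
    return findings

if __name__ == "__main__":
    rec = parse_role_change(RECORD)
    print(review(rec, {"/usr/sbin/myserverd": {"myserverd_t"}}))
```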