Hi All,
I have implemented some policies and am finding that when users are restarting services, the wrong user context is being used and the process runs as unconfined_u (as expected). We are not doing any user confinement.
Ideally, I want the processes to run as system_u. Using run_init fixes this issue but is there any other way to achieve this on RHEL 6.x without user confinement?
I am using Sven's SELinux System Administration (1st Edition) Chapter 3 as my reference.
Thanks.
Best Regards,
Walid Fakim
On 02/07/17 09:50, Fakim, Walid via refpolicy wrote:
> I have implemented some policies and am finding that when users are
> restarting services the wrong user context is being used and the process
> runs as unconfined_u (as expected). We are not doing any user confinement.
>
> Ideally, I want the processes to run as system_u. Using run_init fixes
> this issue but is there any other way to achieve this on RHEL 6.x
> without user confinement?
seutil_run_runinit(unconfined_t, unconfined_r) should take care of it.
--
Chris PeBenito