2017-02-07 14:50:45

by walid.fakim

Subject: [refpolicy] run_init on RHEL 6.x

Hi All,

I have implemented some policies and am finding that when users are restarting services the wrong user context is being used and the process runs as unconfined_u (as expected). We are not doing any user confinement.
Ideally, I want the processes to run as system_u. Using run_init fixes this issue but is there any other way to achieve this on RHEL 6.x without user confinement?

I am using Sven's SELinux System Administration (1st Edition) Chapter 3 as my reference.

Thanks.

Best Regards,

Walid Fakim


2017-02-07 23:32:58

by Chris PeBenito

Subject: [refpolicy] run_init on RHEL 6.x

On 02/07/17 09:50, Fakim, Walid via refpolicy wrote:
> I have implemented some policies and am finding that when users are
> restarting services the wrong user context is being used and the process
> runs as unconfined_u (as expected). We are not doing any user confinement.
>
> Ideally, I want the processes to run as system_u. Using run_init fixes
> this issue but is there any other way to achieve this on RHEL 6.x
> without user confinement?

seutil_run_runinit(unconfined_t, unconfined_r) should take care of it.


--
Chris PeBenito