2008-09-06 06:16:17

by yada

Subject: [refpolicy] CentOS: DIRECT_INITRC option problem

Hi,

I have a problem: the behavior is different from what I expected
when I set "DIRECT_INITRC = y".
I'm using CentOS 5.2 with the latest updates as of today.
I downloaded the latest version of the refpolicy, refpolicy-20080702.tar.bz2,
and built it with the following settings.
TYPE = mcs
DISTRO = redhat
DIRECT_INITRC = y
MONOLITHIC = y

Despite "DIRECT_INITRC = y", however, when I tried directly
running an init script, for example /etc/init.d/sshd status,
I got the following message.
# /etc/init.d/sshd status
-bash: /etc/init.d/sshd: Permission denied

I found error messages in /var/log/audit/audit.log.
This is the message.

type=USER_AVC msg=audit(1220604894.436:66): user pid=1685 uid=81 auid=4294967295
subj=system_u:system_r:system_dbusd_t:s0 msg='avc: received setenforce
notice (enforcing=1) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=AVC msg=audit(1220604900.764:67): avc: denied { execute } for pid=1895
comm="bash" name="sshd" dev=dm-0 ino=622892 scontext=root:sysadm_r:sysadm_t:s0-s0:c0.c255
tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file

type=SYSCALL msg=audit(1220604900.764:67): arch=40000003 syscall=11
success=no exit=-13 a0=820d018 a1=820d068 a2=8207ad0 a3=0 items=0
ppid=1873 pid=1895 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=tty1 ses=1 comm="bash" exe="/bin/bash"
subj=root:sysadm_r:sysadm_t:s0-s0:c0.c255 key=(null)
type=AVC msg=audit(1220604900.764:68): avc: denied { execute } for pid=1895
comm="bash" name="sshd" dev=dm-0 ino=622892
scontext=root:sysadm_r:sysadm_t:s0-s0:c0.c255
tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file


What do I do to directly run an init script
without using the run_init tool?
Could someone help me please?

Thanks in advance.