* named pt2
From: Timothy Wood @ 2002-07-03 21:48 UTC (permalink / raw)
  To: SELinux

Can someone explain to me why bind works if I let init start it but it
does not start if I start it as root from the cli?

Timothy,




--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: named pt2
From: Russell Coker @ 2002-07-05  3:40 UTC (permalink / raw)
  To: Timothy Wood, SELinux

On Wed, 3 Jul 2002 17:48, Timothy Wood wrote:
> Can someone explain to me why bind works if I let init start it but it
> does not start if I start it as root from the cli?

You are supposed to use run_init to run the init script.  run_init causes the 
script to be run as system_u:system_r:initrc_t, and then a 
domain_auto_trans() rule transitions it to system_u:system_r:named_t which is 
the correct context of the daemon.

Running it in another context denies it access to port 53 (port 53 is only 
for named_t).

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.



* Re: named pt2
From: Stephen Smalley @ 2002-07-05 12:08 UTC (permalink / raw)
  To: Timothy Wood; +Cc: SELinux


On 3 Jul 2002, Timothy Wood wrote:

> Can someone explain to me why bind works if I let init start it but it
> does not start if I start it as root from the cli?

When running init scripts directly from an administrator shell, you need
to use run_init so that the init script will run with the right security
context (system_u:system_r:initrc_t) and any daemons will transition to
the correct domain.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com
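
A check for the outcome both replies describe, as an added example that is not part of the original thread: it reads `ps -eZ`-style output and reports any named process whose SELinux type is not named_t. The sample lines are constructed, and the sysadm_t label and the `check_domain` helper name are assumptions.

```shell
#!/bin/sh
# Added example: verify that a daemon ended up in the SELinux domain it is
# supposed to run in. Input is `ps -eZ`-style text on stdin
# (LABEL PID TTY TIME CMD); the type is the third colon-separated label field.

# check_domain NAME EXPECTED_TYPE   (hypothetical helper)
#   exit 0: every NAME process runs in EXPECTED_TYPE
#   exit 1: at least one NAME process runs in another type (listed on stdout)
#   exit 2: no NAME process found at all
check_domain() {
    awk -v name="$1" -v want="$2" '
        $NF == name {
            seen = 1
            split($1, ctx, ":")          # user:role:type[:level]
            if (ctx[3] != want) {
                printf "%s pid %s runs as %s, expected type %s\n", name, $2, $1, want
                bad = 1
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample: named started through run_init, so it reached named_t.
sample_ok='LABEL                             PID TTY      TIME     CMD
system_u:system_r:init_t            1 ?        00:00:01 init
system_u:system_r:named_t         412 ?        00:00:00 named'

# Constructed sample: a named process still in the launching shell domain.
# sysadm_t is an assumption; the thread only says "another context".
sample_bad='LABEL                             PID TTY      TIME     CMD
root:sysadm_r:sysadm_t            977 pts/0    00:00:00 named'

printf '%s\n' "$sample_ok"  | check_domain named named_t && echo "ok: named_t"
printf '%s\n' "$sample_bad" | check_domain named named_t || echo "wrong domain"
```

On a live system, pipe `ps -eZ` into `check_domain named named_t`; exit status 2 means no named process exists at all.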



