Guide/Services

From SELinux Wiki

(Difference between revisions)
Jump to: navigation, search
Revision as of 14:08, 26 June 2009 (edit)
CalebCase (Talk | contribs)
(New page: == Services == Starting a service from a... ... init script: <pre> # /etc/init.d/ssh start * Starting OpenBSD Secure Shell server sshd [ OK ] # ps auxZ | gre...)
← Previous diff
Current revision (18:42, 19 November 2009) (edit) (undo)
JoshuaBrindle (Talk | contribs)
(Services)
 
Line 5: Line 5:
... init script: ... init script:
-<pre>+ # /etc/init.d/ssh start
-# /etc/init.d/ssh start+ * Starting OpenBSD Secure Shell server sshd [ OK ]
- * Starting OpenBSD Secure Shell server sshd [ OK ]+ # ps auxZ | grep sshd
-# ps auxZ | grep sshd+ unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0 0.0 48940 1176 ? Ss 22:40 0:00 /usr/sbin/sshd
-unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0 0.0 48940 1176 ? Ss 22:40 0:00 /usr/sbin/sshd+
-</pre>+
-Services started in this way will not have the correct SELinux user. The above example results in <tt>sshd</tt> running as the <tt>unconfined_u</tt> SELinux user.+ 
 +Services started in this way will not have the correct SELinux user. The above example results in ''sshd'' running as the ''unconfined_u'' SELinux user.
run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process. run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process.
-<pre>+ # run_init /etc/init.d/ssh start
-# run_init /etc/init.d/ssh start+ Authenticating root.
-Authenticating root.+ Password:
-Password:+
* Starting OpenBSD Secure Shell server sshd [ OK ] * Starting OpenBSD Secure Shell server sshd [ OK ]
-# ps auxZ | grep sshd+ # ps auxZ | grep sshd
-system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0 0.0 48940 1176 ? Ss 22:46 0:00 /usr/sbin/sshd+ system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0 0.0 48940 1176 ? Ss 22:46 0:00 /usr/sbin/sshd
-</pre>+ 
-In the example above <tt>sshd</tt> is running as the <tt>system_u</tt> SELinux user (as would happen if the process were started by init).+In the example above ''sshd'' is running as the ''system_u'' SELinux user (as would happen if the process were started by init).

Current revision

[edit] Services

Starting a service from a...

... init script:

# /etc/init.d/ssh start
 * Starting OpenBSD Secure Shell server sshd                            [ OK ]
# ps auxZ | grep sshd
unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0  0.0 48940 1176 ?     Ss   22:40   0:00 /usr/sbin/sshd


Services started in this way will not have the correct SELinux user. The above example results in sshd running as the unconfined_u SELinux user.

run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process.

# run_init /etc/init.d/ssh start
Authenticating root.
Password:
* Starting OpenBSD Secure Shell server sshd                            [ OK ]
# ps auxZ | grep sshd
system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0  0.0 48940  1176 ?        Ss   22:46   0:00 /usr/sbin/sshd


In the example above sshd is running as the system_u SELinux user (as would happen if the process were started by init).

Personal tools