Difference between revisions of "Guide/Services"

From SELinux Wiki
Jump to: navigation, search
(New page: == Services == Starting a service from a... ... init script: <pre> # /etc/init.d/ssh start * Starting OpenBSD Secure Shell server sshd [ OK ] # ps auxZ | gre...)
 
(Services)
 
Line 5: Line 5:
 
... init script:
 
... init script:
  
<pre>
+
# /etc/init.d/ssh start
# /etc/init.d/ssh start
+
  * Starting OpenBSD Secure Shell server sshd                            [ OK ]
* Starting OpenBSD Secure Shell server sshd                            [ OK ]
+
# ps auxZ | grep sshd
# ps auxZ | grep sshd
+
unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0  0.0 48940 1176 ?    Ss  22:40  0:00 /usr/sbin/sshd
unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0  0.0 48940 1176 ?    Ss  22:40  0:00 /usr/sbin/sshd
+
</pre>
+
  
Services started in this way will not have the correct SELinux user. The above example results in <tt>sshd</tt> running as the <tt>unconfined_u</tt> SELinux user.
+
 
 +
Services started in this way will not have the correct SELinux user. The above example results in ''sshd'' running as the ''unconfined_u'' SELinux user.
  
 
run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process.
 
run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process.
  
<pre>
+
# run_init /etc/init.d/ssh start
# run_init /etc/init.d/ssh start
+
Authenticating root.
Authenticating root.
+
Password:
Password:
+
 
  * Starting OpenBSD Secure Shell server sshd                            [ OK ]
 
  * Starting OpenBSD Secure Shell server sshd                            [ OK ]
# ps auxZ | grep sshd
+
# ps auxZ | grep sshd
system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0  0.0 48940  1176 ?        Ss  22:46  0:00 /usr/sbin/sshd
+
system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0  0.0 48940  1176 ?        Ss  22:46  0:00 /usr/sbin/sshd
</pre>
+
 
  
In the example above <tt>sshd</tt> is running as the <tt>system_u</tt> SELinux user (as would happen if the process were started by init).
+
In the example above ''sshd'' is running as the ''system_u'' SELinux user (as would happen if the process were started by init).

Latest revision as of 18:42, 19 November 2009

Services

Starting a service from a...

... init script:

# /etc/init.d/ssh start
 * Starting OpenBSD Secure Shell server sshd                            [ OK ]
# ps auxZ | grep sshd
unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0  0.0 48940 1176 ?     Ss   22:40   0:00 /usr/sbin/sshd


Services started in this way will not have the correct SELinux user. The above example results in sshd running as the unconfined_u SELinux user.

run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process.

# run_init /etc/init.d/ssh start
Authenticating root.
Password:
* Starting OpenBSD Secure Shell server sshd                            [ OK ]
# ps auxZ | grep sshd
system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0  0.0 48940  1176 ?        Ss   22:46   0:00 /usr/sbin/sshd


In the example above sshd is running as the system_u SELinux user (as would happen if the process were started by init).