fedora-selinux January 2012 archive

making a file context change work for initrc_t and unconfined_t

From: Maria Iano <maria_at_nospam>
Date: Tue Jan 31 2012 - 22:33:25 GMT
To: selinux@lists.fedoraproject.org

I have a RHEL 6.2 server running LikewiseOpen. It appears to me that I
will take care of a large number of denials if I can change the type
of /var/lib/likewise/.lsassd to be lsassd_var_socket_t.

I added the file context rule with semanage, and used restorecon to
change it to lsassd_var_socket_t as desired. But later I found that
/var/lib/likewise/.lsassd had type var_lib_t again. I assume that is
because the likewise processes run as initrc_t.

I'd like to change the policy and tell it that services running in
either initrc_t or unconfined_t domains should create the file
/var/lib/likewise/.lsassd with type lsassd_var_socket_t. (A command line
tool lwsm for managing the processes runs in unconfined_t so I'd like
to include that domain to be safe.) How can I go about doing that in
RHEL 6 (or can I)?
