Guide/Services

From SELinux Wiki

Services

Starting a service from a...

... init script:

# /etc/init.d/ssh start
 * Starting OpenBSD Secure Shell server sshd                            [ OK ]
# ps auxZ | grep sshd
unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0  0.0 48940 1176 ?     Ss   22:40   0:00 /usr/sbin/sshd


Services started in this way will not have the correct SELinux user. The above example results in sshd running as the unconfined_u SELinux user.

run_init can be used to start services in the same domain they would have if they were brought up as part of the normal bootup process.

# run_init /etc/init.d/ssh start
Authenticating root.
Password:
* Starting OpenBSD Secure Shell server sshd                            [ OK ]
# ps auxZ | grep sshd
system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0  0.0 48940  1176 ?        Ss   22:46   0:00 /usr/sbin/sshd


In the example above, sshd is running as the system_u SELinux user (as would happen if the process were started by init).
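
A check for the condition described above, added here as an example and not part of the wiki page: it reads `ps auxZ` output and reports processes in role system_r whose SELinux user is not system_u. The function names, the MISLABELED output format, and the header and bash sample lines are constructed for illustration; the two sshd lines are the ones shown above, and the check assumes services run in system_r with system_u as the expected user.

```shell
#!/bin/sh
# Added example (not from the SELinux Wiki): find services that were started
# by hand from an init script and therefore carry the caller's SELinux user.

# sample_ps: constructed `ps auxZ` capture. The two sshd lines are taken from
# the page; the header and the bash line are constructed sample data.
sample_ps() {
    cat <<'EOF'
LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1650 0.0 0.1 21456 3980 pts/0 Ss 22:38 0:00 -bash
unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0 0.0 48940 1176 ? Ss 22:40 0:00 /usr/sbin/sshd
system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0 0.0 48940 1176 ? Ss 22:46 0:00 /usr/sbin/sshd
EOF
}

# check_service_users: reads `ps auxZ`-style lines on stdin.
# Prints one line per process whose context is <user>:system_r:... with a
# user other than system_u. Exit status is 1 if any were found, else 0.
check_service_users() {
    awk '
        {
            # Field 1 is the context: user:role:type:range. The MLS range may
            # itself contain ":", so only the first three parts are used.
            n = split($1, ctx, ":")
            if (n < 3) next        # header line, or "-" when no label is shown
            user = ctx[1]; role = ctx[2]; type = ctx[3]
            # Interactive sessions run in their own role (e.g. unconfined_r)
            # and are skipped; only system_r processes are checked.
            if (role == "system_r" && user != "system_u") {
                printf "MISLABELED pid=%s user=%s type=%s cmd=%s\n", $3, user, type, $12
                bad++
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Stand-alone run against the constructed capture; a non-zero status from the
# check is expected here, so it is not treated as a script failure.
sample_ps | check_service_users || true
```

On a live system, pipe the real listing into the function instead: `ps auxZ | check_service_users`. Any service it reports can be restarted through run_init as shown above.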