Difference between revisions of "Guide/Services"
From SELinux Wiki
(New page: == Services == Starting a service from a... ... init script: <pre> # /etc/init.d/ssh start * Starting OpenBSD Secure Shell server sshd [ OK ] # ps auxZ | gre...) |
(→Services) |
||
Line 5: | Line 5: | ||
... init script: | ... init script: | ||
− | + | # /etc/init.d/ssh start | |
− | # /etc/init.d/ssh start | + | * Starting OpenBSD Secure Shell server sshd [ OK ] |
− | + | # ps auxZ | grep sshd | |
− | # ps auxZ | grep sshd | + | unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0 0.0 48940 1176 ? Ss 22:40 0:00 /usr/sbin/sshd |
− | unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0 0.0 48940 1176 ? Ss 22:40 0:00 /usr/sbin/sshd | + | |
− | + | ||
− | Services started in this way will not have the correct SELinux user. The above example results in | + | |
+ | Services started in this way will not have the correct SELinux user. The above example results in ''sshd'' running as the ''unconfined_u'' SELinux user. | ||
run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process. | run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process. | ||
− | + | # run_init /etc/init.d/ssh start | |
− | # run_init /etc/init.d/ssh start | + | Authenticating root. |
− | Authenticating root. | + | Password: |
− | Password: | + | |
* Starting OpenBSD Secure Shell server sshd [ OK ] | * Starting OpenBSD Secure Shell server sshd [ OK ] | ||
− | # ps auxZ | grep sshd | + | # ps auxZ | grep sshd |
− | system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0 0.0 48940 1176 ? Ss 22:46 0:00 /usr/sbin/sshd | + | system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0 0.0 48940 1176 ? Ss 22:46 0:00 /usr/sbin/sshd |
− | + | ||
− | In the example above | + | In the example above ''sshd'' is running as the ''system_u'' SELinux user (as would happen if the process were started by init). |
Latest revision as of 18:42, 19 November 2009
Services
Starting a service from a...
... init script:
# /etc/init.d/ssh start * Starting OpenBSD Secure Shell server sshd [ OK ] # ps auxZ | grep sshd unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0 0.0 48940 1176 ? Ss 22:40 0:00 /usr/sbin/sshd
Services started in this way will not have the correct SELinux user. The above example results in sshd running as the unconfined_u SELinux user.
run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process.
# run_init /etc/init.d/ssh start Authenticating root. Password: * Starting OpenBSD Secure Shell server sshd [ OK ] # ps auxZ | grep sshd system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0 0.0 48940 1176 ? Ss 22:46 0:00 /usr/sbin/sshd
In the example above sshd is running as the system_u SELinux user (as would happen if the process were started by init).