(no subject)

From: Eric Gingras (LMC) (Eric.Gingrasat_private)
Date: Thu Aug 29 2002 - 08:48:40 PDT

  • Next message: Russell Coker: "(no subject)"

    Hi,
    I'm quite a newbie to SELinux. Up to now, I've install the system and I've
    look at the configuration files. As a first test, I've try to configure an
    application called HTTPServer using it's own type(domain) and it's own file
    type.
    
    The application is called HTTPServer (compiled from serv.c which is joined
    to this message). This application is located in /bin.  A type for the file
    of the executable as been created (HTTPServer.fc located in
    policy/file_contexts/program/ and joined to this message).  A type (domain)
    for the process as also been created (HTTPServer.te located in
    policy/domains/program also joined to this message).
     	
    When using the sysadm_r role, starting HTTPServer, and checking the process
    with ps --context, the domain of the process is "HTTPServer_t".  So
    everything looks normal.  But when using the user_r role, starting
    HTTPServer, and checking the process with ps --context, the domain of the
    process is "user_t".  
     
    The goal was to allow the execution of HTTPServer to the sysadm_r and not to
    user_r.  A couple of things (e.g. commenting transition rules) to block the
    transition from HTTPServer_t to user_t, were tried without success.
    
    Would you have any helpful recommandation or ressource ?
    
    
    Thank you and regards,
    
    
    Eric Gingras
    
    Eric.Gingrasat_private
    
    
    
    



    _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module



    This archive was generated by hypermail 2b30 : Thu Aug 29 2002 - 08:49:39 PDT