On Sat, Jan 25, 2014 at 08:48:25PM +0100, Luis Ressel wrote:
> This patch makes run_init unnecessary for "normal" init scripts (those
> labeled initrc_exec_t). However, it's still necessary for scripts with
> custom types, such as iptables.
>
> Looking at the openrc code clearly shows that rc-se
This patch makes run_init unnecessary for "normal" init scripts (those
labeled initrc_exec_t). However, it's still necessary for scripts with
custom types, such as iptables.
Looking at the openrc code clearly shows that rc-service doesn't make
any attempt to transition to the correct domain (ini
On Sun, Jan 12, 2014 at 11:44:56AM -0600, Dustin C. Hatch wrote:
> >> I think I found it. It seemed that the integrated run_init support,
> >> provided through the runscript_selinux.so library that we provide (for
> >> OpenRC) didn't use PAM authentication, even when policycoreutils was
On 01/12/2014 08:44 AM, Dustin C. Hatch wrote:
> On 01/12/2014 07:54 AM, Sven Vermeulen wrote:
>> On Sun, Jan 12, 2014 at 12:30:57PM +0100, Sven Vermeulen wrote:
dustin@test-3238ec ~ $ sudo -r sysadm_r -t sysadm_t rc-service nfsmount
restart
Password:
Authenticating root.
C
On 01/12/2014 07:54 AM, Sven Vermeulen wrote:
> On Sun, Jan 12, 2014 at 12:30:57PM +0100, Sven Vermeulen wrote:
>>> dustin@test-3238ec ~ $ sudo -r sysadm_r -t sysadm_t rc-service nfsmount
>>> restart
>>> Password:
>>> Authenticating root.
>>> Cannot find your entry in the shadow passwd file.
>>>
>>
On 01/12/2014 05:30 AM, Sven Vermeulen wrote:
> On Sat, Jan 11, 2014 at 11:34:43PM -0600, Dustin C. Hatch wrote:
>> My understanding is that in order to be able to control services, one
>> needs to have the system_r role[1]. I don't know how to get there, though:
>
> You shouldn't directly mention
On Sun, Jan 12, 2014 at 12:30:57PM +0100, Sven Vermeulen wrote:
> > dustin@test-3238ec ~ $ sudo -r sysadm_r -t sysadm_t rc-service nfsmount
> > restart
> > Password:
> > Authenticating root.
> > Cannot find your entry in the shadow passwd file.
> >
> > I'm not sure where to go from here. Any help
On Sat, Jan 11, 2014 at 11:34:43PM -0600, Dustin C. Hatch wrote:
> Ansible connects to the server as an unprivileged user (typically the
> user running it) over SSH and then executes all change commands via
> sudo. This works for most things, like copying files, etc., but if it
> has to restart a s
I'm fairly new to SELinux, and I am trying to get a server set up with
SELinux running. I use Ansible for configuration management, and I am
having some trouble getting it working with SELinux in Enforcing mode.
Most stuff is working fine, with the major exception of controlling
OpenRC services.
A