Guide/Services

From SELinux Wiki

Revision as of 14:08, 26 June 2009 (edit) CalebCase (Talk | contribs) (New page: == Services == Starting a service from a... ... init script: <pre> # /etc/init.d/ssh start * Starting OpenBSD Secure Shell server sshd [ OK ] # ps auxZ | gre...) ← Previous diff		Current revision (18:42, 19 November 2009) (edit) (undo) JoshuaBrindle (Talk | contribs) (→Services)
Line 5:		Line 5:
	... init script:		... init script:
-	<pre>	+	# /etc/init.d/ssh start
-	# /etc/init.d/ssh start	+	* Starting OpenBSD Secure Shell server sshd [ OK ]
-	* Starting OpenBSD Secure Shell server sshd [ OK ]	+	# ps auxZ | grep sshd
-	# ps auxZ | grep sshd	+	unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0 0.0 48940 1176 ? Ss 22:40 0:00 /usr/sbin/sshd
-	unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0 0.0 48940 1176 ? Ss 22:40 0:00 /usr/sbin/sshd	+
-	</pre>	+
-	Services started in this way will not have the correct SELinux user. The above example results in <tt>sshd</tt> running as the <tt>unconfined_u</tt> SELinux user.	+
		+	Services started in this way will not have the correct SELinux user. The above example results in ''sshd'' running as the ''unconfined_u'' SELinux user.
	run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process.		run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process.
-	<pre>	+	# run_init /etc/init.d/ssh start
-	# run_init /etc/init.d/ssh start	+	Authenticating root.
-	Authenticating root.	+	Password:
-	Password:	+
	* Starting OpenBSD Secure Shell server sshd [ OK ]		* Starting OpenBSD Secure Shell server sshd [ OK ]
-	# ps auxZ | grep sshd	+	# ps auxZ | grep sshd
-	system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0 0.0 48940 1176 ? Ss 22:46 0:00 /usr/sbin/sshd	+	system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0 0.0 48940 1176 ? Ss 22:46 0:00 /usr/sbin/sshd
-	</pre>	+
-	In the example above <tt>sshd</tt> is running as the <tt>system_u</tt> SELinux user (as would happen if the process were started by init).	+	In the example above ''sshd'' is running as the ''system_u'' SELinux user (as would happen if the process were started by init).

---

Current revision

[edit] Services

Starting a service from a...

... init script:

# /etc/init.d/ssh start
 * Starting OpenBSD Secure Shell server sshd                            [ OK ]
# ps auxZ | grep sshd
unconfined_u:system_r:sshd_t:s0-s0:c0.c255 root 1781 0.0  0.0 48940 1176 ?     Ss   22:40   0:00 /usr/sbin/sshd

Services started in this way will not have the correct SELinux user. The above example results in sshd running as the unconfined_u SELinux user.

run_init can be used to start services in the same domain as they would have as if they were brought up as part of the normal bootup process.

# run_init /etc/init.d/ssh start
Authenticating root.
Password:
* Starting OpenBSD Secure Shell server sshd                            [ OK ]
# ps auxZ | grep sshd
system_u:system_r:sshd_t:s0-s0:c0.c255 root 2017 0.0  0.0 48940  1176 ?        Ss   22:46   0:00 /usr/sbin/sshd

In the example above sshd is running as the system_u SELinux user (as would happen if the process were started by init).