Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Starting applications from initrc in a user's context?
From: Russell Coker <russell_at_coker.com.au>
Date: Tue, 4 Jan 2005 21:03:12 +1100
Use:
Also you need to either allow domain user1_t to run in role system_r or allow a role transition from system_r to user1_r by initrc_t. Allowing the domain user1_t in role system_r is done by: role system_r types user1_t; Allowing the role to be changed requires adding privrole to the attributes of domain initrc_t. In that case either the identity system_u must be permitted to have the role user1_r or initrc_t also needs the privuser attribute so it can launch a process with a different identity.
> What am I missing? Or, is there a better way of running the four Maybe have cron launch them. Cron has all privs needed to launch processes on behalf of users. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 4 Jan 2005 - 05:03:24 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |