On Wed, 16 Feb 2011, Christoph Maser wrote:

> - init script: it is possible to start nagios as root or nagios user on
> the command line but not using the init script. the init script is
> context initrc_exec_t and that context is not allowed

This is strange. What is "not allowed"? As far as I can tell, the
transition from initrc_t (the domain corresponding to initrc_exec_t)
to nagios_t is allowed:

allow initrc_t nagios_exec_t : file {read getattr execute};
allow initrc_t nagios_t : process {transition sigchld noatsecure siginh rlimitinh};
allow nagios_t nagios_exec_t : file {ioctl read getattr lock execute entrypoint};
type_transition initrc_t nagios_exec_t : process nagios_t;

(This assumes nagios_disable_trans is off.)

-- 
Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /
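
The check described in the message above, as an added example that is not part of the original e-mail: a small Python script that takes the four quoted rules and reports which piece of the initrc_t to nagios_t domain transition, if any, is missing. The function names and the embedded POLICY string are assumptions made for this illustration; on a live system the rules would come from a policy query tool instead.

```python
import re

# The rules quoted in the message above, with the wrapped lines joined.
POLICY = """
allow initrc_t nagios_exec_t : file {read getattr execute};
allow initrc_t nagios_t : process {transition sigchld noatsecure siginh rlimitinh};
allow nagios_t nagios_exec_t : file {ioctl read getattr lock execute entrypoint};
type_transition initrc_t nagios_exec_t : process nagios_t;
"""

ALLOW = re.compile(r"\ballow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*\{?([^};]*)\}?\s*;")
TRANS = re.compile(r"\btype_transition\s+(\w+)\s+(\w+)\s*:\s*process\s+(\w+)\s*;")

def parse(policy):
    """Return ({(source, target, class): perms}, {(source, exec_type): new_domain})."""
    allows, transitions = {}, {}
    for src, tgt, cls, perms in ALLOW.findall(policy):
        allows.setdefault((src, tgt, cls), set()).update(perms.split())
    for src, exe, new in TRANS.findall(policy):
        transitions[(src, exe)] = new
    return allows, transitions

def check_transition(policy, source, exec_type, target):
    """List the rules missing for source to enter target by executing exec_type."""
    allows, transitions = parse(policy)
    required = [
        ((source, exec_type, "file"), "execute"),     # caller may run the binary
        ((source, target, "process"), "transition"),  # caller may switch domain
        ((target, exec_type, "file"), "entrypoint"),  # binary may enter the domain
    ]
    missing = [f"allow {k[0]} {k[1]} : {k[2]} {perm};"
               for k, perm in required if perm not in allows.get(k, set())]
    # Without type_transition the switch is permitted but not taken by default.
    if transitions.get((source, exec_type)) != target:
        missing.append(f"type_transition {source} {exec_type} : process {target};")
    return missing

if __name__ == "__main__":
    gaps = check_transition(POLICY, "initrc_t", "nagios_exec_t", "nagios_t")
    print("transition complete" if not gaps else "missing:\n" + "\n".join(gaps))
```

The script only inspects the rules it is given; it does not model the nagios_disable_trans setting mentioned in the message.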
