We can now use the sesearch command to retrieve the SELinux domain transition rule for when a daemon of type init_t executes a program of type mysqld_safe_exec_t: # sesearch -T -s init_t -t mysqld_safe_exec_t root root system_u:object_r:mysqld_safe_exec_t:s0 /usr/bin/mysqld_safe Retrieve the SELinux context type of the mysqld_safe executable: # which mysqld_safe| xargs ls -Z The systemd daemon starts the service by executing the mysqld_safe binary file. We start with retrieving the SELinux domain type of the systemd daemon: # ps -Z -C systemd Use the SELinux policy tools to predict the SELinux domain type for the mysqld daemon when systemd starts the service. sesearch allows the user to search the rules in a SELinux policy.seinfo allows the user to query the components of a SELinux policy.The sesearch command is part of the setools-console package: # yum install -y setools-console We are going to audit the SELinux policy to explain the context of a mysqld process.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |