[CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux
Gordon Messmer
yinyang at eburg.com
Wed May 26 05:22:21 UTC 2010
On 05/25/2010 08:36 PM, Whit Blauvelt wrote:
>
> Thoughtful advice. Thanks. Is there some method to duplicate basic
> configuration files across selinux servers without running restorecon for
> each set of files that's copied over - that is, to copy them with their
> selinux labels intact?

Usually if you copy them directly to their destination, they'll have the
correct context. If you copy it to a different location first (like
/home/) and then move it into place, it'll have the context that it got
when it was created (like user_home_t).

I use bcfg2 to manage configuration files, for instance, and I don't
believe that any SELinux contexts are broken as a result.

> From this limited example, it looks like selinux gets in the way of standard
> administrative tasks, yet wouldn't be in the way at all of anyone who'd
> acquired a shell within which they could run another shell and with that
> call whatever program they like.

No, it wouldn't, and it's not intended to. It is intended to confine
your system daemons so that an attacker cannot overflow a buffer and
execute arbitrary shell code (for instance).
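
Added example, not part of the original message: a check for the copy-then-move case described above, which parses the dry-run output of `restorecon -R -n -v` and lists files that still carry a home-directory type. The two output line formats are assumptions about older and newer restorecon releases, the sample lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find files that were moved into place from a home directory
# by parsing `restorecon -R -n -v` output (-n means nothing is changed on disk).

# Reads restorecon -n -v output on stdin.
# Prints one line per mislabeled file: path current_type expected_type
# Limitation: paths containing spaces are not handled.
parse_restorecon() {
    awk '
    # The type is the third field of user:role:type[:level].
    function setype(ctx,   f) { split(ctx, f, ":"); return f[3] }
    # Older format (assumed): restorecon reset PATH context OLD->NEW
    $1 == "restorecon" && $2 == "reset" && $4 == "context" {
        n = index($5, "->")
        if (n) print $3, setype(substr($5, 1, n - 1)), setype(substr($5, n + 2))
        next
    }
    # Newer format (assumed): Would relabel PATH from OLD to NEW
    $1 == "Would" && $2 == "relabel" && $4 == "from" && $6 == "to" {
        print $3, setype($5), setype($7)
    }'
}

# Keep only files whose current type is a home-directory type, the symptom
# of staging a file under /home (or /root) and then using mv.
moved_from_home() {
    parse_restorecon |
        awk '$2 ~ /^user_home(_dir)?_t$/ || $2 == "admin_home_t" { print $1 }'
}

# Constructed sample output covering both assumed formats.
sample_output() {
cat <<'EOF'
restorecon reset /etc/samba/smb.conf context user_u:object_r:user_home_t:s0->system_u:object_r:samba_etc_t:s0
Would relabel /etc/samba/smbusers from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:samba_etc_t:s0
Would relabel /etc/samba/lmhosts from system_u:object_r:etc_t:s0 to system_u:object_r:samba_etc_t:s0
EOF
}

# Live use on an SELinux-enabled host, as root:
#   restorecon -R -n -v /etc | moved_from_home
```

Files reported this way are the ones a confined daemon such as smbd may be denied access to until they are relabeled.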