[CentOS] SELinux and access across 'similar types'

Fri Jan 6 12:21:14 UTC 2012
Bennett Haselton <bennett at peacefire.org>

On 1/6/2012 4:11 AM, Philippe Naudin wrote:
> Le ven 06 jan 2012 02:41:02 CET, Bennett Haselton a écrit:
>
>> On 1/6/2012 2:24 AM, Philippe Naudin wrote:
>>> Apache running as "init_t" is a call for troubles.
>> Is it?  OK, any idea what caused that and how to fix it?
> No, sorry. Your httpd comes from CentOS ?
Yes
> Afaik, you should not have any process running in context init_t except
> init itself. If "ps awuxZ | grep [i]nit_t" returns more than only init
> and httpd, your problem is likely to be more complicated than a broken
> configuration of apache.

I've got a few...

[root at g6950-21025 ~]# ps auwxZ | grep init_t
system_u:system_r:init_t        root         1  0.6  0.0  10368   712 
?        Ss   04:17   0:00 init [3]

system_u:system_r:init_t        root       537  0.2  0.1  13728  1976 
?        S<s  04:17   0:00 /sbin/udevd -d
system_u:system_r:init_t        root      1684  0.0  0.0  38880   456 
?        Ssl  04:18   0:00 brcm_iscsiuio
system_u:system_r:init_t        root      1690  0.0  0.0  12152   476 
?        Ss   04:18   0:00 iscsid
system_u:system_r:init_t        root      1691  0.0  0.4  12648  4460 
?        S<Ls 04:18   0:00 iscsid
system_u:system_r:init_t        dbus      2081  0.0  0.1  31520  1144 
?        Ssl  04:18   0:00 dbus-daemon --system
system_u:system_r:init_t        root      2215  0.0  0.1  52372  1492 
?        Ssl  04:18   0:00 automount
system_u:system_r:init_t        root      2254  0.0  0.1  62656  1212 
?        Ss   04:18   0:00 /usr/sbin/sshd
system_u:system_r:init_t        ntp       2273  0.0  0.4  23412  5044 
?        SLs  04:18   0:00 ntpd -u ntp:ntp -p /var
/run/ntpd.pid -g
system_u:system_r:init_t        root      2287  0.1  1.0 253312 10580 
?        Ss   04:18   0:00 /usr/sbin/httpd
system_u:system_r:init_t        apache    2315  0.3  1.3 259488 13376 
?        S    04:18   0:00 /usr/sbin/httpd
system_u:system_r:init_t        apache    2316  0.0  1.0 257436 11124 
?        S    04:18   0:00 /usr/sbin/httpd
system_u:system_r:init_t        apache    2317  0.1  1.1 257436 11288 
?        S    04:18   0:00 /usr/sbin/httpd
system_u:system_r:init_t        apache    2318  0.1  1.1 257436 11292 
?        S    04:18   0:00 /usr/sbin/httpd
system_u:system_r:init_t        apache    2319  0.0  1.0 256720 10504 
?        S    04:18   0:00 /usr/sbin/httpd
system_u:system_r:init_t        apache    2320  0.1  1.0 257436 10752 
?        S    04:18   0:00 /usr/sbin/httpd
system_u:system_r:init_t        apache    2321  0.0  1.1 257436 11272 
?        S    04:18   0:00 /usr/sbin/httpd
system_u:system_r:init_t        apache    2322  0.1  1.1 257436 11356 
?        S    04:18   0:00 /usr/sbin/httpd
system_u:system_r:init_t        root      2386  0.0  0.0   3812   492 
tty1     Ss+  04:18   0:00 /sbin/mingetty tty1
system_u:system_r:init_t        root      2387  0.0  0.0   3812   488 
tty2     Ss+  04:18   0:00 /sbin/mingetty tty2
system_u:system_r:init_t        root      2390  0.0  0.0   3812   488 
tty3     Ss+  04:18   0:00 /sbin/mingetty tty3
system_u:system_r:init_t        root      2392  0.0  0.0   3812   492 
tty4     Ss+  04:18   0:00 /sbin/mingetty tty4
system_u:system_r:init_t        root      2394  0.0  0.0   3812   488 
tty5     Ss+  04:18   0:00 /sbin/mingetty tty5
system_u:system_r:init_t        root      2397  0.0  0.0   3812   488 
tty6     Ss+  04:18   0:00 /sbin/mingetty tty6
system_u:system_r:init_t        apache    2405  0.1  1.0 256412 11008 
?        S    04:18   0:00 /usr/sbin/httpd
system_u:system_r:init_t        root      2406  0.3  0.3  90156  3456 
?        Ss   04:18   0:00 sshd: root at pts/0
root:system_r:initrc_t:SystemLow-SystemHigh root 2458 0.0  0.0 61176 768 
pts/0 S+   04:18   0:00 grep init_t



I also found at least one file (the audit.log file) which has file type 
file_t, even though I thought the filesystem had been re-labeled 
successfully because /var/www/html/robots.txt had the correct type:

[root at g6950-21025 ~]# ls -lZ /var/www/html/robots.txt
-rw-rw-rw-  root root system_u:object_r:httpd_sys_content_t 
/var/www/html/robots.txt
[root at g6950-21025 ~]# ls -lZ /var/log/audit/audit.log
-rw-------  root root system_u:object_r:file_t         
/var/log/audit/audit.log


Any idea (1) what could be causing that and (2) whether it could be 
related to the problem with all those init_t processes?


> If only httpd is concerned, check "ls -Z /usr/sbin/httpd" :
> -rwxr-xr-x  root root system_u:object_r:httpd_exec_t   /usr/sbin/httpd
> and try eventually "yum reinstall httpd" ...
>