Ask Your Question

Revision history [back]

How Do You Configure A User In Selinux

Specifically, I have a number of daemon processes running with the user context shown (ps -eZ) as system_u:system_r:initrc_t, presumably because they were started by systemctl. The domain is wrong (doesn't match the file contexts, which I believe are correct) and so Selinux has to be in permissive mode to work. Something like system_u:system_r:mydaemon_t would be expected based on the documentation.

As an example: here is the httpd --> system_u:system_r:unconfined_service_t:s0 859 ? 00:00:00 httpd which for some reason has a slightly different *_t parameter.

How do I change the user type? I tried editing /etc/selinux/targeted/seusers but that doesn't propagate to the running processes. All of the utilities that I can find relate to files rather than users.

Some of the processes involved should have predefined policies according ot the Fedora Selinix documentation but all have been insatlled externally (ie not using dnf) so the automatic setup was bypassed.

How should I deal with this? It has to be a command line since I'm connected to the server remotely.

Thanks.