Description of problem: With selinux in enforcing mode, system processes are hidden from normal users. In particular "pidof <command>" doesn't work for system processes. A consequence of this is that a normal user "/sbin/service <service> status" says the service is stopped even if it is actually running. How reproducible: Every time Steps to Reproduce: 0. Install test2 and login. 1. % service sshd status 2. % service canna status 3. su - 4. # service sshd status 5. # service canna status Actual results: 1. sshd dead but pid file exists 2. cannaserver is stopped 4. sshd (pid 2536 2532 2068) is running... 5. cannaserver (pid 4541) is running... Expected results: Consist results. If service can't tell the pids of system processes to normal users, it should say so (eg "Permission denied" or similar), rather than giving inaccurate responses. Additional comments: The xinput script currently depends on service status output. Canna comes with cannaping whose exit status corresponds to whether cannaserver is running or not. But implementing "<service>ping" for every daemon in the distro seems like a lot of work...
Any thoughts on this? :)
Yeah, ouch. I have no idea how to handle this other than to rewrite the scripts. Dan
This really requires a rewrite of all service scripts to make it work correctly, so I am deferring. Dan
A rewrite of the "/etc/init.d/functions" file, which all (i think) of the functions call to load up the helper routines, to check and abort out with a "permission denied" or something along those lines, is all that's necessary i think.