[systemd-devel] Where to put unix sockets while SELinux enforces on init_t?
Stephen Hemminger
stephen at networkplumber.org
Sat Jan 29 23:31:13 UTC 2022
On Sat, 29 Jan 2022 14:46:52 -0800
Daniel Farina <daniel at fdr.io> wrote:
> I am using SELinux enforced AlmaLinux, and am wondering where the customary
> place to put a ListenStream directive that is opening a unix socket should
> be.
>
> Old-school customarily, /tmp suffices, but SELinux blocks that: "init_t" is
> not allowed to create the socket there.
>
> Looking through definitions, /var/run/systemd is a place that systemd can
> create unix socket files, and indeed my prototype using this works, but I'm
> not sure if this is where they "belong."
>
> Does anyone have an opinion on this?
>
> Thanks,
> Daniel
Use Linux abstract sockets where pathname is irrelevant?!
It saves pain with SELinux.
Lots of services use /run; look at:
    ss -xa
to see what is already there.
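
The two suggestions in this reply, written out as a socket unit. This is an added example, not part of the original thread; the unit name, socket paths and the "myapp" group are hypothetical, and whether the local SELinux policy lets init_t create the /run path still has to be confirmed on the target system.

```ini
# /etc/systemd/system/myapp.socket  (hypothetical unit name)

[Unit]
Description=myapp local control socket (constructed example)

[Socket]
# The setup from the question: on the poster's system init_t is not
# allowed to create the socket in /tmp, so this line fails under enforcing.
#ListenStream=/tmp/myapp.sock

# Option A: a path under /run. systemd creates missing parent directories
# using DirectoryMode= and creates the socket node using SocketMode=.
# Access is then limited by ordinary file ownership and mode.
ListenStream=/run/myapp/myapp.sock
DirectoryMode=0755
SocketMode=0660
SocketUser=root
# Assumption: a "myapp" group exists for the clients allowed to connect.
SocketGroup=myapp

# Option B: the abstract namespace. A leading "@" tells systemd to bind an
# abstract socket, so no filesystem node (and no file label) is involved.
# File mode and ownership settings have nothing to act on here, so the
# service must check who is connecting itself, for example with SO_PEERCRED.
#ListenStream=@myapp

[Install]
WantedBy=sockets.target
```

After `systemctl daemon-reload` and `systemctl start myapp.socket`, the listener appears in the `ss -xa` output; an abstract socket is listed with a leading "@".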