Bug 1004279
Summary: | kshd runs as init_t when kshell.socket is active | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Milos Malik <mmalik> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | dwalsh, mgrepl, mmalik |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.12.1-76.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-13 12:50:53 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1004161 |
Description
Milos Malik
2013-09-04 10:26:53 UTC
This bug talks about the kerberized version of rshell server. # matchpathcon /usr/kerberos/sbin/kshd /usr/kerberos/sbin/kshd system_u:object_r:rshd_exec_t:s0 # rpm -qf /usr/kerberos/sbin/kshd krb5-appl-servers-1.0.3-7.el7.x86_64 # I believe that the fix will also solve the same problem of the original rshell server, because the files are labelled similarly. # matchpathcon /usr/sbin/in.rshd /usr/sbin/in.rshd system_u:object_r:rshd_exec_t:s0 # rpm -qf /usr/sbin/in.rshd rsh-server-0.17-73.el7.x86_64 # All of these bugs look related, and we need to make sure there is not a labelling issue. # ls -Z /usr/kerberos/sbin/kshd -rwxr-xr-x. root root system_u:object_r:rshd_exec_t:s0 /usr/kerberos/sbin/ksh # Actually the problem with all these bugs is we miss init domain for these inetd domain. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |