Bug 1028508

Summary: cgdcbxd runs as initrc_t
Product: Red Hat Enterprise Linux 6 Reporter: Milos Malik <mmalik>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED WONTFIX QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.5CC: dwalsh, lvrabec, mgrepl, mmalik, ssekidde
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-28 14:30:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 832330    

Description Milos Malik 2013-11-08 15:52:43 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
cgdcbxd-1.0.1-2.el6.x86_64
selinux-policy-3.7.19-231.el6.noarch
selinux-policy-doc-3.7.19-231.el6.noarch
selinux-policy-minimum-3.7.19-231.el6.noarch
selinux-policy-mls-3.7.19-231.el6.noarch
selinux-policy-targeted-3.7.19-231.el6.noarch

How reproducible:
always

Steps to Reproduce:
# run_init service cgdcbxd status
Authenticating root.
Password: 
cgdcbxd is stopped
# run_init service cgdcbxd start
Authenticating root.
Password: 
Starting cgdcbxd: cgdcbx: already running pid = 4628

                                                           [  OK  ]
# run_init service cgdcbxd status
Authenticating root.
Password: 
cgdcbxd (pid  4628) is running...
# ps -efZ | grep cgdcbxd
system_u:system_r:initrc_t:s0   root      4628     1  0 16:51 ?        00:00:00 /usr/sbin/cgdcbxd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 4645 4522  0 16:51 pts/0 00:00:00 grep cgdcbxd
#

Actual results:
 * cgdcbxd runs as initrc_t

Expected results:
 * cgdcbxd runs in its own SELinux domain
Comment 7 Miroslav Grepl 2015-08-28 14:30:28 UTC 
I don't see any interaction with other domains for cgdcbxd policy. We have this policy in RHEL-7. I am going to close it as WONTFIX for RHEL-6. If it is needed for RHEL-6, please reopen the bug.