Bug 1030277
| Summary: | rasdaemon runs as init_t | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Milos Malik <mmalik> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.0 | CC: | lvrabec, mgrepl |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-3.12.1-114.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 12:22:04 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 877026 | ||
| Bug Blocks: | 848829, 1042721 | ||
commit bedb9683dc0e81ec79cb5e8adc31a6da9f06cf3b
Author: Lukas Vrabec <lvrabec>
Date: Thu Nov 21 17:30:47 2013 +0100
Added new policy for rasdaemon
commit 1a75c671b9ca1138b571615242fb8b4f065f8327
Author: Lukas Vrabec <lvrabec>
Date: Tue Dec 3 15:29:57 2013 +0100
Allow manage dirs in kernel_manage_debugfs interface.
Fixed bug with creating debugfs dirs.
Aristeu, Thank you. I'll add dontaudit rule here. Has been already added. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |
Description of problem: Version-Release number of selected component (if applicable): rasdaemon-0.4.1-5.el7.x86_64 selinux-policy-3.12.1-99.el7.noarch selinux-policy-devel-3.12.1-99.el7.noarch selinux-policy-doc-3.12.1-99.el7.noarch selinux-policy-minimum-3.12.1-99.el7.noarch selinux-policy-mls-3.12.1-99.el7.noarch selinux-policy-targeted-3.12.1-99.el7.noarch How reproducible: always Steps to Reproduce: # ps -efZ | grep rasdaemon unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 15278 2470 0 10:36 pts/0 00:00:00 grep --color=auto rasdaemon # service rasdaemon start Redirecting to /bin/systemctl start rasdaemon.service # service rasdaemon status Redirecting to /bin/systemctl status rasdaemon.service rasdaemon.service - RAS daemon to log the RAS events Loaded: loaded (/usr/lib/systemd/system/rasdaemon.service; disabled) Active: active (running) since Thu 2013-11-14 10:37:03 CET; 2s ago Main PID: 15291 (rasdaemon) CGroup: /system.slice/rasdaemon.service └─15291 /usr/sbin/rasdaemon -f Nov 14 10:37:03 rhel70.localdomain rasdaemon[15291]: rasdaemon: Can't get tra... Nov 14 10:37:03 rhel70.localdomain rasdaemon[15291]: ras:aer_event event enabled Nov 14 10:37:03 rhel70.localdomain rasdaemon[15291]: rasdaemon: ras:aer_event... Nov 14 10:37:03 rhel70.localdomain rasdaemon[15291]: Enabled event ras:aer_event Nov 14 10:37:03 rhel70.localdomain rasdaemon[15291]: rasdaemon: Enabled event... Nov 14 10:37:03 rhel70.localdomain rasdaemon[15291]: mce:mce_record event ena... Nov 14 10:37:03 rhel70.localdomain rasdaemon[15291]: rasdaemon: mce:mce_recor... Nov 14 10:37:03 rhel70.localdomain rasdaemon[15291]: Enabled event mce:mce_re... Nov 14 10:37:03 rhel70.localdomain rasdaemon[15291]: rasdaemon: Enabled event... Nov 14 10:37:03 rhel70.localdomain rasdaemon[15291]: rasdaemon: Listening to ... Hint: Some lines were ellipsized, use -l to show in full. # ps -efZ | grep rasdaemon system_u:system_r:init_t:s0 root 15291 1 0 10:37 ? 00:00:00 /usr/sbin/rasdaemon -f unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 15304 2470 0 10:37 pts/0 00:00:00 grep --color=auto rasdaemon # Actual results: * rasdaemon runs as init_t Expected results: * rasdaemon runs in its own SELinux domain