| Summary: | osad runs as initrc_t | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Milos Malik <mmalik> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | | |
| Priority: | medium | | |
| Version: | 7.0 | CC: | lvrabec, mminar, riehecky |
| Target Milestone: | rc | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Fixed In Version: | selinux-policy-3.12.1-124.el7 | Doc Type: | Bug Fix |
| Last Closed: | 2014-06-13 11:05:45 UTC | Type: | Bug |
| Bug Depends On: | 877026 | | |
| Bug Blocks: | 848829 | | |

commit 2be62957020b1176e7cd3f2a1611ace667d70921
Author: Lukas Vrabec <lvrabec>
Date: Mon Feb 3 10:08:51 2014 +0100

    Added osad policy

This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.

Description of problem:
osad uses too powerful SELinux domain

Version-Release number of selected component (if applicable):
osad-5.11.27-1.el7sat.noarch
selinux-policy-3.12.1-109.el7.noarch
selinux-policy-targeted-3.12.1-109.el7.noarch

How reproducible:
always

Steps to Reproduce:

```
# service osad status
osad.service - LSB: This shell script starts the osad daemon
   Loaded: loaded (/etc/rc.d/init.d/osad)
   Active: inactive (dead) since Wed 2013-12-11 13:53:51 EST; 44min ago
  Process: 17800 ExecStop=/etc/rc.d/init.d/osad stop (code=exited, status=0/SUCCESS)
  Process: 16898 ExecStart=/etc/rc.d/init.d/osad start (code=exited, status=0/SUCCESS)

Dec 11 13:53:42 x86-64-v12.lab.eng.brq.redhat.com systemd[1]: Starting LSB: T...
Dec 11 13:53:42 x86-64-v12.lab.eng.brq.redhat.com osad[16898]: Starting osad:...
Dec 11 13:53:42 x86-64-v12.lab.eng.brq.redhat.com osad[16898]: [ OK ]
Dec 11 13:53:42 x86-64-v12.lab.eng.brq.redhat.com systemd[1]: Started LSB: Th...
Dec 11 13:53:51 x86-64-v12.lab.eng.brq.redhat.com systemd[1]: Stopping LSB: T...
Dec 11 13:53:51 x86-64-v12.lab.eng.brq.redhat.com osad[17800]: Shutting down ...
Dec 11 13:53:51 x86-64-v12.lab.eng.brq.redhat.com systemd[1]: Stopped LSB: Th...
Hint: Some lines were ellipsized, use -l to show in full.
# service osad start
Starting osad (via systemctl): [ OK ]
# service osad status
osad.service - LSB: This shell script starts the osad daemon
   Loaded: loaded (/etc/rc.d/init.d/osad)
   Active: active (running) since Wed 2013-12-11 14:37:59 EST; 1s ago
  Process: 17800 ExecStop=/etc/rc.d/init.d/osad stop (code=exited, status=0/SUCCESS)
  Process: 18652 ExecStart=/etc/rc.d/init.d/osad start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/osad.service
           └─18655 /usr/bin/python /usr/sbin/osad --pid-file /var/run/osad.pi...

Dec 11 14:37:59 x86-64-v12.lab.eng.brq.redhat.com systemd[1]: Starting LSB: T...
Dec 11 14:37:59 x86-64-v12.lab.eng.brq.redhat.com osad[18652]: Starting osad:...
Dec 11 14:37:59 x86-64-v12.lab.eng.brq.redhat.com osad[18652]: [ OK ]
Dec 11 14:37:59 x86-64-v12.lab.eng.brq.redhat.com systemd[1]: Started LSB: Th...
Hint: Some lines were ellipsized, use -l to show in full.
# ps -efZ | grep osad
system_u:system_r:initrc_t:s0 root 18655 1 0 14:37 ? 00:00:00 /usr/bin/python /usr/sbin/osad --pid-file /var/run/osad.pid
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 18673 5980 0 14:38 pts/0 00:00:00 grep --color=auto osad
#
```

Actual results:
 * osad runs as initrc_t

Expected results:
 * osad runs in its own SELinux domain
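
A check for the condition this bug reports, as an added example that is not part of the original report or of selinux-policy: it lists every process whose SELinux type is in a given set (here `initrc_t`), so any daemon still running in the generic init script domain shows up, not just osad. The function names and the sample lines are constructed for illustration; the osad line is modelled on the `ps` output in the report.

```shell
#!/bin/sh
# Added example: find processes running in over-broad SELinux domains.

# Constructed sample in `ps -eo label,pid,args` layout.
# Only the osad line is modelled on the report; the rest is made up.
sample_ps() {
cat <<'EOF'
LABEL                             PID COMMAND
system_u:system_r:initrc_t:s0   18655 /usr/bin/python /usr/sbin/osad --pid-file /var/run/osad.pid
system_u:system_r:sshd_t:s0-s0:c0.c1023 1042 /usr/sbin/sshd -D
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 18673 grep --color=auto osad
EOF
}

# find_in_domains "TYPE [TYPE...]"
# Reads "LABEL PID ARGS..." lines on stdin and prints "PID TYPE ARGS" for
# every process whose SELinux type is one of the listed types.
find_in_domains() {
  awk -v types="$1" '
    BEGIN {
      n = split(types, t, " ")
      for (i = 1; i <= n; i++) want[t[i]] = 1
    }
    NR == 1 && $1 == "LABEL" { next }          # skip the ps header line
    {
      # A context is user:role:type:level. The level may contain more
      # colons (s0-s0:c0.c1023), so take field 3 rather than the last.
      split($1, ctx, ":")
      if (!(ctx[3] in want)) next
      cmd = $0
      sub(/^ *[^ ]+ +[^ ]+ +/, "", cmd)         # drop the label and pid columns
      print $2, ctx[3], cmd
    }'
}

# On a live system:
#   ps -eo label,pid,args | find_in_domains "initrc_t"
# Empty output means nothing is running in the listed domains.
```

Feeding `ps` straight into the function also avoids the stray `grep` process that appears in the report's `ps -efZ | grep osad` output.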