Bug 1255305

Summary: systemd-machined is not confined
Product: [Fedora] Fedora Reporter: Lukas Vrabec <lvrabec>
Component: selinux-policy Assignee: Vit Mojzis <vmojzis>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide CC: dominick.grift, dwalsh, lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde, vmojzis
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.13.1-152.fc24 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1236580 Environment:
Last Closed: 2015-12-16 13:43:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1236580    
Bug Blocks:    

Description Lukas Vrabec 2015-08-20 09:06:39 UTC
+++ This bug was initially created as a clone of Bug #1236580 +++

Description of problem:

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-29.el7.noarch
selinux-policy-devel-3.13.1-29.el7.noarch
selinux-policy-doc-3.13.1-29.el7.noarch
selinux-policy-minimum-3.13.1-29.el7.noarch
selinux-policy-mls-3.13.1-29.el7.noarch
selinux-policy-sandbox-3.13.1-29.el7.noarch
selinux-policy-targeted-3.13.1-29.el7.noarch
systemd-219-4.el7.x86_64
systemd-journal-gateway-219-4.el7.x86_64
systemd-libs-219-4.el7.x86_64
systemd-networkd-219-4.el7.x86_64
systemd-python-219-4.el7.x86_64
systemd-resolved-219-4.el7.x86_64
systemd-sysv-219-4.el7.x86_64

How reproducible:
always

Steps to Reproduce:
# ps -efZ | grep systemd-machined
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 26441 2171  0 15:13 pts/0 00:00:00 grep --color=auto systemd-machined
# service systemd-machined start
Redirecting to /bin/systemctl start  systemd-machined.service
# ps -efZ | grep systemd-machined
system_u:system_r:init_t:s0     root     26467     1  0 15:13 ?        00:00:00 /usr/lib/systemd/systemd-machined
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 26505 2171  0 15:13 pts/0 00:00:00 grep --color=auto systemd-machined
#

Actual results:
 * there is no policy for systemd-machined

Expected results:
 * there is a policy for systemd-machined
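
Added example, not part of the original report: the check from the reproduction steps generalized into a filter that lists every process left in init_t, which is the symptom of a service with no domain transition of its own. The function names find_init_t_daemons and sample_ps_output are hypothetical, and the PID 1 line in the sample is constructed; the other two sample lines are the ps output quoted above.

```shell
#!/bin/sh
# Added example: flag daemons that stayed in init_t, i.e. no domain transition
# happened when systemd started them (the symptom shown in this report).

# Reads `ps -efZ` style lines on stdin and prints "PID TYPE CMD" for each
# process whose SELinux type is init_t, except PID 1 (systemd itself
# legitimately runs as init_t).
find_init_t_daemons() {
    awk '
        $1 == "LABEL" { next }              # skip the ps header line if present
        {
            n = split($1, ctx, ":")         # user:role:type:level[:categories]
            if (n < 4) next                 # not an SELinux context, ignore
            if (ctx[3] != "init_t") next    # process has a domain of its own
            if ($3 == 1) next               # PID 1 is systemd itself
            print $3, ctx[3], $9
        }'
}

# Constructed sample: the two process lines from the report plus a PID 1 line
# that is made up for this example.
sample_ps_output() {
    cat <<'EOF'
system_u:system_r:init_t:s0     root         1     0  0 15:00 ?        00:00:02 /usr/lib/systemd/systemd --switched-root --system
system_u:system_r:init_t:s0     root     26467     1  0 15:13 ?        00:00:00 /usr/lib/systemd/systemd-machined
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 26505 2171  0 15:13 pts/0 00:00:00 grep --color=auto systemd-machined
EOF
}

# On a live system: ps -efZ | find_init_t_daemons
sample_ps_output | find_init_t_daemons
```

Run against the sample, the filter reports only systemd-machined; once a policy module gives the daemon its own domain, the same command should print nothing for it.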

Comment 2 Vit Mojzis 2015-10-08 12:13:58 UTC
commit 344f035ba1609f779b5c75c97542d2a6845bea64
Merge: 5cf36bf f7a6cd1
Author: Miroslav Grepl <mgrepl>
Date:   Thu Oct 8 12:40:09 2015 +0200

    Merge pull request #46 from vmojzis/rawhide-contrib
    
    Allow NetworkManager_t and policykit_t read access to systemd-machined pid files.

commit f7a6cd1c06e7fe0f49a735c49b21996d99e8b00a
Author: Vit Mojzis <vmojzis>
Date:   Wed Oct 7 14:21:54 2015 +0200

    Allow NetworkManager_t and policykit_t read access to systemd-machined pid files. #1255305

commit 8ea12650558db425236e884ebeae5112eaf0154e
Merge: 5aad18c e3c6831
Author: Miroslav Grepl <mgrepl>
Date:   Thu Oct 1 16:46:56 2015 +0200

    Merge pull request #44 from vmojzis/rawhide-base
    
    New policy for systemd-machined. BZ #1255305

commit e3c6831d92e0ece09f43adb25f493dbd88f57949
Author: Vit Mojzis <vmojzis>
Date:   Thu Oct 1 16:01:31 2015 +0200

    New policy for systemd-machined. #1255305

commit f68c01d57eadc5016a0055678f324d387526e7e0
Merge: a69c8b6 bd3366a
Author: Miroslav Grepl <mgrepl>
Date:   Mon Sep 21 23:46:13 2015 +0200

    Merge pull request #37 from vmojzis/rawhide-contrib
    
    Add interface allowing sending and receiving messages from virt over dbus

commit bd3366a1e714c650b5c8bca542bb5e0994ceaf60
Author: Vit Mojzis <vmojzis>
Date:   Fri Sep 11 11:18:27 2015 +0200

    Add interface allowing sending and receiving messages from virt over dbus.
    
    Signed-off-by: Vit Mojzis <vmojzis>

Comment 3 Lukas Vrabec 2015-10-08 13:24:51 UTC
Thank you.