Bug 1273451

Summary: Need a new selinux policy type for 389-admin
Product: Red Hat Enterprise Linux 7
Reporter: mreynolds
Component: selinux-policy
Assignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA
QA Contact: Eva Mrakova <emrakova>
Severity: high
Docs Contact:
Priority: medium
Version: 7.3
CC: emrakova, lvrabec, mgrepl, mmalik, nhosoi, plautrba, pvrabec, ssekidde, vashirov, wibrown
Target Milestone: rc
Target Release: ---
Hardware: All
OS: All
Whiteboard:
Fixed In Version: selinux-policy-3.13.1-68.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1330851
Environment:
Last Closed: 2016-11-04 02:23:31 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1230240, 1295396, 1330851

Description mreynolds 2015-10-20 13:08:20 UTC
Need to introduce a new SELinux type for the 389-admin package's stop-ds-admin/start-ds-admin scripts to get httpd running as httpd_t.

---
From conversation with Miroslav Grepl

type dirsrvadmin_initrc_exec_t;
init_script_file(dirsrvadmin_initrc_exec_t)


$ ls -lZ /usr/sbin/start-ds-admin
-rwxr-xr-x. root root system_u:object_r:dirsrvadmin_initrc_exec_t:s0 /usr/sbin/start-ds-admin

Comment 4 Miroslav Grepl 2015-10-22 10:26:56 UTC
*** Bug 1273448 has been marked as a duplicate of this bug. ***

Comment 5 Miroslav Grepl 2016-01-14 09:58:20 UTC
We already have

$ matchpathcon /usr/sbin/start-ds-admin
/usr/sbin/start-ds-admin	system_u:object_r:dirsrvadmin_exec_t:s0

in Fedora which needs to be backported to RHEL.

Comment 6 Lukas Vrabec 2016-03-22 15:34:21 UTC
[root@ibm-x3250m4-15 ~]#  matchpathcon /usr/sbin/start-ds-admin
/usr/sbin/start-ds-admin	system_u:object_r:dirsrvadmin_exec_t:s0


Already fixed in RHEL.

Comment 12 errata-xmlrpc 2016-11-04 02:23:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2283.html