Bug 190323

Summary: initrc_context file should have initrc_t
Product: Red Hat Enterprise Linux 4
Reporter: Russell Coker <rcoker>
Component: selinux-policy-targeted
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: 4.0
CC: dwalsh
Hardware: All   
OS: Linux   
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2008-01-30 19:06:17 UTC

Description Russell Coker 2006-05-01 06:39:20 UTC
Description of problem:

In RHEL4 the run_init program does not work.  It incorrectly specifies 
unconfined_t as the domain for its child process thus overriding the 
domain_auto_trans() rule for initrc_exec_t and thus prevents a daemon started 
with it from running in the correct context.  This means that the 
command "run_init service httpd restart" will result in the httpd processes 
running in the unconfined_t domain.

This is normally not a problem as run_init is not needed in the supported 
configuration and is generally not used in the targeted policy.

But to avoid user confusion I believe that we need to fix this as a low 
priority issue in an update (this issue does not deserve its own update but 
is worth tagging on to another more important issue).

The solution is to replace unconfined_t with initrc_t in the 
file /etc/selinux/targeted/contexts/initrc_context (making such a change 
manually can be used as a work-around for anyone who wants it fixed now).

Fixing this issue has no possibility of breaking any supported functionality.
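
An added example, not part of the bug report or the policy package: a shell check that reads an initrc_context file and reports whether its type field is initrc_t. It assumes the file holds one context of the form user:role:type with an optional :level suffix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the type field of an initrc_context file.
# Assumption: the file holds one SELinux context, user:role:type, with an
# optional :level suffix. Blank lines and '#' lines are skipped defensively.

# Print the type field of the first context line in file $1.
# Exit status is non-zero if the file has no context line or is unreadable.
initrc_context_type() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }            # skip comment and blank lines
        NF >= 3 {
            gsub(/[ \t\r]/, "", $3)        # tolerate stray whitespace / CR
            print $3
            found = 1
            exit
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# Return 0 if the type is initrc_t, 1 if it is anything else (for example
# unconfined_t, the value this bug describes), 2 if no context was found.
check_initrc_context() {
    ctx_type=$(initrc_context_type "$1" 2>/dev/null) || return 2
    if [ "$ctx_type" = "initrc_t" ]; then
        echo "OK: $1 uses initrc_t"
        return 0
    fi
    echo "MISMATCH: $1 uses $ctx_type, expected initrc_t"
    return 1
}

# Usage: sh check_initrc.sh /etc/selinux/targeted/contexts/initrc_context
if [ "$#" -gt 0 ]; then
    check_initrc_context "$1"
fi
```

The file check does not cover daemons that are already running; those keep the domain they were started in until they are restarted.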

Comment 2 Daniel Walsh 2006-05-09 16:02:36 UTC
Fixed in selinux-policy-targeted-1.17.30-2.134

Comment 3 Daniel Walsh 2008-01-30 19:06:17 UTC
Bulk closing old selinux policy bugs that were in the modified state.  If the
bug is still not fixed, please reopen.