Bug 799302

Summary: rhui-manager running unconfined
Product: Red Hat Update Infrastructure for Cloud Providers Reporter: wes hayutin <whayutin>
Component: RHUAAssignee: John Matthews <jmatthew>
Status: CLOSED NOTABUG QA Contact: wes hayutin <whayutin>
Severity: high Docs Contact:
Priority: unspecified    
Version: 2.0.2CC: dwalsh, jslagle, kbidarka, sghai, tsanders
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-02 15:59:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description wes hayutin 2012-03-02 12:48:59 UTC 
Description of problem:

unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 8924 pts/2 S+   0:03 /usr/bin/python /usr/bin/rhui-manager

[root@ip-10-252-79-12 RHUIall]# rpm -qa | grep  rhui
rh-rhui-tools-2.0.59-1.el6.noarch
rh-amazon-rhui-client-2.2.38-1.el6.noarch
[root@ip-10-252-79-12 RHUIall]#
Comment 1 wes hayutin 2012-03-02 13:13:02 UTC 
rh-rhua-selinux-policy-0.0.6-1.el6.noarch
pulp-selinux-server-0.0.263-11.el6.noarch
Comment 2 Daniel Walsh 2012-03-02 15:59:57 UTC 
We don't tend to confine administrators tools, we allow them to run in the users domains.  If the application is run directly as root, we should run it as unconfined_t.  If the application is started via DBUS say via a non root user communicating with a privileged app, then we might want to confine it.

But I do not believe that is the case here.
Comment 3 James Slagle 2012-03-12 19:38:52 UTC 
Released in RHUI 2.0.2