Bug 994547

Summary: pand runs as initrc_t
Product: Red Hat Enterprise Linux 7
Reporter: Milos Malik <mmalik>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED CURRENTRELEASE
QA Contact: Milos Malik <mmalik>
Severity: medium
Priority: medium
Version: 7.0
CC: mtruneck
Target Milestone: rc
Hardware: All
OS: Linux
Fixed In Version: selinux-policy-3.12.1-70.el7
Doc Type: Bug Fix
Last Closed: 2014-06-13 13:17:52 UTC
Type: Bug
Bug Depends On: 877026
Bug Blocks: 848829, 1040974

Description Milos Malik 2013-08-07 13:37:17 UTC
# rpm -qa selinux-policy\*
selinux-policy-targeted-3.12.1-69.el7.noarch
selinux-policy-mls-3.12.1-69.el7.noarch
selinux-policy-devel-3.12.1-69.el7.noarch
selinux-policy-minimum-3.12.1-69.el7.noarch
selinux-policy-3.12.1-69.el7.noarch
selinux-policy-doc-3.12.1-69.el7.noarch
# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
#

# cat /etc/sysconfig/pand 
#PANDARGS='--listen --role NAP'
PANDARGS='--search --cache --persist'
# service pand start
Starting pand (via systemctl):                             [  OK  ]
# service pand status
pand.service - LSB: Bluetooth Personal Area Networking Daemon.
   Loaded: loaded (/etc/rc.d/init.d/pand)
   Active: active (running) since Wed 2013-08-07 15:29:11 CEST; 2s ago
  Process: 22352 ExecStop=/etc/rc.d/init.d/pand stop (code=exited, status=0/SUCCESS)
  Process: 23754 ExecStart=/etc/rc.d/init.d/pand start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/pand.service
           └─23757 /usr/bin/pand --search --cache --persist

Aug 07 15:29:11 rhel70 systemd[1]: Starting LSB: Bluetooth Personal Area Ne.....
Aug 07 15:29:11 rhel70 pand[23754]: Starting pand: [  OK  ]
Aug 07 15:29:11 rhel70 pand[23757]: Bluetooth PAN daemon version 4.101
Aug 07 15:29:11 rhel70 pand[23757]: Inquiring
Aug 07 15:29:11 rhel70 pand[23757]: Inquiry failed. No such device(19)
Aug 07 15:29:11 rhel70 systemd[1]: Started LSB: Bluetooth Personal Area Net.....
# ps -efZ | grep pand
system_u:system_r:initrc_t:s0   root     23757     1  0 15:29 ?        00:00:00 /usr/bin/pand --search --cache --persist
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 23775 23669  0 15:29 pts/0 00:00:00 grep --color=auto pand
#

Expected results:
 * /usr/bin/pand is labelled bluetooth_exec_t
 * pand process runs as bluetooth_t
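
Added example (not part of the original report and not selinux-policy project code): a shell check for the symptom shown above, a daemon that stays in the generic initrc_t domain because starting it from an init script triggered no transition into a dedicated domain. The function names find_initrc_procs and sample_ps are hypothetical, and the sample lines are constructed, modelled on the ps output in the description.

```shell
#!/bin/sh
# Added example: list processes whose SELinux type is initrc_t.
# A daemon started from an init script normally leaves initrc_t when its
# executable carries a label with a domain transition rule; one that is
# still in initrc_t is not confined by a policy written for it.

# find_initrc_procs (hypothetical name): reads "LABEL PID ARGS..." lines on
# stdin and prints "PID TYPE COMMAND" for every process in initrc_t.
find_initrc_procs() {
    awk '
        NR == 1 && $1 == "LABEL" { next }   # skip the ps header line
        {
            # A context is user:role:type:level[:categories]; field 3 is the type.
            n = split($1, ctx, ":")
            if (n < 3 || ctx[3] != "initrc_t") next
            cmd = $3
            for (i = 4; i <= NF; i++) cmd = cmd " " $i
            print $2, ctx[3], cmd
        }'
}

# sample_ps (hypothetical name): constructed input for an offline run.
sample_ps() {
    cat <<'EOF'
LABEL                             PID COMMAND
system_u:system_r:initrc_t:s0   23757 /usr/bin/pand --search --cache --persist
system_u:system_r:sshd_t:s0-s0:c0.c1023 1201 /usr/sbin/sshd -D
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 23775 grep --color=auto pand
EOF
}

# On a live system: ps -eo label,pid,args | find_initrc_procs
sample_ps | find_initrc_procs
```

Matching on the type field of the context, rather than grepping the whole line, keeps the grep process itself and any command line that merely mentions initrc_t out of the result.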

Comment 2 Ludek Smid 2014-06-13 13:17:52 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.