Bug 1000521 - openhpid runs as initrc_t
Summary: openhpid runs as initrc_t
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.5
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks: 832330 927897
TreeView+ depends on / blocked
 
Reported: 2013-08-23 14:53 UTC by Miroslav Grepl
Modified: 2015-11-02 13:42 UTC (History)
2 users (show)

Fixed In Version: selinux-policy-3.7.19-213.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 953602
Environment:
Last Closed: 2013-11-21 10:49:56 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1598 0 normal SHIPPED_LIVE selinux-policy bug fix and enhancement update 2013-11-20 21:39:24 UTC

Description Miroslav Grepl 2013-08-23 14:53:25 UTC 
+++ This bug was initially created as a clone of Bug #953602 +++

Description of problem:


Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.12.1-29.el7.noarch
selinux-policy-devel-3.12.1-29.el7.noarch
selinux-policy-doc-3.12.1-29.el7.noarch
selinux-policy-mls-3.12.1-29.el7.noarch
selinux-policy-minimum-3.12.1-29.el7.noarch
selinux-policy-3.12.1-29.el7.noarch
openhpi-libs-3.2.0-2.el7.x86_64
openhpi-3.2.0-2.el7.x86_64
openhpi-devel-3.2.0-2.el7.x86_64

How reproducible:
always

Steps to Reproduce:
# service openhpid stop
Redirecting to /bin/systemctl stop  openhpid.service
# service openhpid start
Redirecting to /bin/systemctl start  openhpid.service
# ps -efZ | grep initrc_t
system_u:system_r:initrc_t:s0   root      7337     1  0 17:30 ?        00:00:00 /usr/sbin/openhpid -c /etc/openhpi/openhpi.conf
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 7348 1293  0 17:30 pts/0 00:00:00 grep --color=auto initrc_t
#
 
Actual results:
* openhpid runs as initrc_t

Expected results:
* openhpid runs in its own SELinux domain

--- Additional comment from Milos Malik on 2013-07-09 08:28:36 EDT ---

No signs of openhpi policy:

# rpm -qa selinux-policy\*
selinux-policy-minimum-3.12.1-59.el7.noarch
selinux-policy-mls-3.12.1-59.el7.noarch
selinux-policy-3.12.1-59.el7.noarch
selinux-policy-doc-3.12.1-59.el7.noarch
selinux-policy-devel-3.12.1-59.el7.noarch
selinux-policy-targeted-3.12.1-59.el7.noarch
# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
# semanage fcontext -l | grep openhpi
# seinfo -t | grep openhpi
   openhpid_client_packet_t
   openhpid_port_t
   openhpid_server_packet_t
# matchpathcon `which openhpid`
/usr/sbin/openhpid	system_u:object_r:bin_t:s0
#

--- Additional comment from Miroslav Grepl on 2013-07-10 04:39:00 EDT ---

You are right.

commit 7b825b25b3cd953d92ebfc567f03589fbe4cc683
Author: Miroslav Grepl <mgrepl@redhat.com>
Date:   Wed Jul 10 10:38:15 2013 +0200

    Activate openhpid policy
Comment 2 errata-xmlrpc 2013-11-21 10:49:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1598.html
Note You need to log in before you can comment on or make changes to this bug.