Bug 1000521 – openhpid runs as initrc_t

Bug 1000521 - openhpid runs as initrc_t

Summary:	openhpid runs as initrc_t

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	selinux-policy (Show other bugs)
Sub Component:
Version:	6.5
Hardware:	All Linux

Priority	urgent Severity urgent
Target Milestone:	rc
Target Release:	---
Assigned To:	Miroslav Grepl
QA Contact:	Milos Malik
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	832330 927897
	Show dependency tree / graph

Reported:	2013-08-23 10:53 EDT by Miroslav Grepl
Modified:	2015-11-02 08:42 EST (History)
CC List:	2 users (show)

See Also:
Fixed In Version:	selinux-policy-3.7.19-213.el6
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:	953602
Environment:
Last Closed:	2013-11-21 05:49:56 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Miroslav Grepl 2013-08-23 10:53:25 EDT

+++ This bug was initially created as a clone of Bug #953602 +++

Description of problem:


Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.12.1-29.el7.noarch
selinux-policy-devel-3.12.1-29.el7.noarch
selinux-policy-doc-3.12.1-29.el7.noarch
selinux-policy-mls-3.12.1-29.el7.noarch
selinux-policy-minimum-3.12.1-29.el7.noarch
selinux-policy-3.12.1-29.el7.noarch
openhpi-libs-3.2.0-2.el7.x86_64
openhpi-3.2.0-2.el7.x86_64
openhpi-devel-3.2.0-2.el7.x86_64

How reproducible:
always

Steps to Reproduce:
# service openhpid stop
Redirecting to /bin/systemctl stop  openhpid.service
# service openhpid start
Redirecting to /bin/systemctl start  openhpid.service
# ps -efZ | grep initrc_t
system_u:system_r:initrc_t:s0   root      7337     1  0 17:30 ?        00:00:00 /usr/sbin/openhpid -c /etc/openhpi/openhpi.conf
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 7348 1293  0 17:30 pts/0 00:00:00 grep --color=auto initrc_t
#
 
Actual results:
* openhpid runs as initrc_t

Expected results:
* openhpid runs in its own SELinux domain

--- Additional comment from Milos Malik on 2013-07-09 08:28:36 EDT ---

No signs of openhpi policy:

# rpm -qa selinux-policy\*
selinux-policy-minimum-3.12.1-59.el7.noarch
selinux-policy-mls-3.12.1-59.el7.noarch
selinux-policy-3.12.1-59.el7.noarch
selinux-policy-doc-3.12.1-59.el7.noarch
selinux-policy-devel-3.12.1-59.el7.noarch
selinux-policy-targeted-3.12.1-59.el7.noarch
# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
# semanage fcontext -l | grep openhpi
# seinfo -t | grep openhpi
   openhpid_client_packet_t
   openhpid_port_t
   openhpid_server_packet_t
# matchpathcon `which openhpid`
/usr/sbin/openhpid	system_u:object_r:bin_t:s0
#

--- Additional comment from Miroslav Grepl on 2013-07-10 04:39:00 EDT ---

You are right.

commit 7b825b25b3cd953d92ebfc567f03589fbe4cc683
Author: Miroslav Grepl <mgrepl@redhat.com>
Date:   Wed Jul 10 10:38:15 2013 +0200

    Activate openhpid policy

Comment 2 errata-xmlrpc 2013-11-21 05:49:56 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1598.html

Note You need to log in before you can comment on or make changes to this bug.