Hide Forgot
+++ This bug was initially created as a clone of Bug #953602 +++ Description of problem: Version-Release number of selected component (if applicable): selinux-policy-targeted-3.12.1-29.el7.noarch selinux-policy-devel-3.12.1-29.el7.noarch selinux-policy-doc-3.12.1-29.el7.noarch selinux-policy-mls-3.12.1-29.el7.noarch selinux-policy-minimum-3.12.1-29.el7.noarch selinux-policy-3.12.1-29.el7.noarch openhpi-libs-3.2.0-2.el7.x86_64 openhpi-3.2.0-2.el7.x86_64 openhpi-devel-3.2.0-2.el7.x86_64 How reproducible: always Steps to Reproduce: # service openhpid stop Redirecting to /bin/systemctl stop openhpid.service # service openhpid start Redirecting to /bin/systemctl start openhpid.service # ps -efZ | grep initrc_t system_u:system_r:initrc_t:s0 root 7337 1 0 17:30 ? 00:00:00 /usr/sbin/openhpid -c /etc/openhpi/openhpi.conf unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 7348 1293 0 17:30 pts/0 00:00:00 grep --color=auto initrc_t # Actual results: * openhpid runs as initrc_t Expected results: * openhpid runs in its own SELinux domain --- Additional comment from Milos Malik on 2013-07-09 08:28:36 EDT --- No signs of openhpi policy: # rpm -qa selinux-policy\* selinux-policy-minimum-3.12.1-59.el7.noarch selinux-policy-mls-3.12.1-59.el7.noarch selinux-policy-3.12.1-59.el7.noarch selinux-policy-doc-3.12.1-59.el7.noarch selinux-policy-devel-3.12.1-59.el7.noarch selinux-policy-targeted-3.12.1-59.el7.noarch # sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 # semanage fcontext -l | grep openhpi # seinfo -t | grep openhpi openhpid_client_packet_t openhpid_port_t openhpid_server_packet_t # matchpathcon `which openhpid` /usr/sbin/openhpid system_u:object_r:bin_t:s0 # --- Additional comment from Miroslav Grepl on 2013-07-10 04:39:00 EDT --- You are right. commit 7b825b25b3cd953d92ebfc567f03589fbe4cc683 Author: Miroslav Grepl <mgrepl@redhat.com> Date: Wed Jul 10 10:38:15 2013 +0200 Activate openhpid policy
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1598.html