Bug 1000521 - openhpid runs as initrc_t
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.5
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: rc
Assigned To: Miroslav Grepl
QA Contact: Milos Malik
Blocks: 832330 927897
 
Reported: 2013-08-23 10:53 EDT by Miroslav Grepl
Modified: 2015-11-02 08:42 EST
Fixed In Version: selinux-policy-3.7.19-213.el6
Doc Type: Bug Fix
Clone Of: 953602
Last Closed: 2013-11-21 05:49:56 EST
Type: Bug


Description Miroslav Grepl 2013-08-23 10:53:25 EDT
+++ This bug was initially created as a clone of Bug #953602 +++

Description of problem:


Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.12.1-29.el7.noarch
selinux-policy-devel-3.12.1-29.el7.noarch
selinux-policy-doc-3.12.1-29.el7.noarch
selinux-policy-mls-3.12.1-29.el7.noarch
selinux-policy-minimum-3.12.1-29.el7.noarch
selinux-policy-3.12.1-29.el7.noarch
openhpi-libs-3.2.0-2.el7.x86_64
openhpi-3.2.0-2.el7.x86_64
openhpi-devel-3.2.0-2.el7.x86_64

How reproducible:
always

Steps to Reproduce:
# service openhpid stop
Redirecting to /bin/systemctl stop  openhpid.service
# service openhpid start
Redirecting to /bin/systemctl start  openhpid.service
# ps -efZ | grep initrc_t
system_u:system_r:initrc_t:s0   root      7337     1  0 17:30 ?        00:00:00 /usr/sbin/openhpid -c /etc/openhpi/openhpi.conf
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 7348 1293  0 17:30 pts/0 00:00:00 grep --color=auto initrc_t
#
 
Actual results:
* openhpid runs as initrc_t

Expected results:
* openhpid runs in its own SELinux domain

--- Additional comment from Milos Malik on 2013-07-09 08:28:36 EDT ---

No signs of openhpi policy:

# rpm -qa selinux-policy\*
selinux-policy-minimum-3.12.1-59.el7.noarch
selinux-policy-mls-3.12.1-59.el7.noarch
selinux-policy-3.12.1-59.el7.noarch
selinux-policy-doc-3.12.1-59.el7.noarch
selinux-policy-devel-3.12.1-59.el7.noarch
selinux-policy-targeted-3.12.1-59.el7.noarch
# sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
# semanage fcontext -l | grep openhpi
# seinfo -t | grep openhpi
   openhpid_client_packet_t
   openhpid_port_t
   openhpid_server_packet_t
# matchpathcon `which openhpid`
/usr/sbin/openhpid	system_u:object_r:bin_t:s0
#

--- Additional comment from Miroslav Grepl on 2013-07-10 04:39:00 EDT ---

You are right.

commit 7b825b25b3cd953d92ebfc567f03589fbe4cc683
Author: Miroslav Grepl <mgrepl@redhat.com>
Date:   Wed Jul 10 10:38:15 2013 +0200

    Activate openhpid policy
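
The two checks from the report above (`ps -efZ | grep initrc_t` and `matchpathcon`), written as reusable filters. This is an added example, not part of the original bug report or the selinux-policy project; the function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. Sample data below is constructed.

# find_initrc_daemons: reads `ps -eo label,pid,args` output on stdin
# (LABEL PID COMMAND...) and prints "pid<TAB>command" for every process whose
# SELinux *type* field is exactly initrc_t. Matching the field rather than
# grepping the whole line keeps the grep process itself out of the result.
find_initrc_daemons() {
    awk '{
        n = split($1, ctx, ":")          # user:role:type[:level[:categories]]
        if (n < 3 || ctx[3] != "initrc_t") next
        cmd = $3
        for (i = 4; i <= NF; i++) cmd = cmd " " $i
        printf "%s\t%s\n", $2, cmd
    }'
}

# generic_label_paths: reads `matchpathcon PATH...` output on stdin
# (PATH CONTEXT) and prints the paths whose expected type is the generic
# bin_t, meaning the loaded policy has no daemon-specific file context.
generic_label_paths() {
    awk '{ split($2, ctx, ":"); if (ctx[3] == "bin_t") print $1 }'
}

# Constructed sample in `ps -eo label,pid,args` layout, modelled on the report.
sample_ps_output() {
    cat <<'EOF'
LABEL                             PID COMMAND
system_u:system_r:initrc_t:s0 7337 /usr/sbin/openhpid -c /etc/openhpi/openhpi.conf
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 7348 grep --color=auto initrc_t
system_u:system_r:sshd_t:s0-s0:c0.c1023 1201 /usr/sbin/sshd -D
EOF
}

# Live use on an SELinux host:
#   ps -eo label,pid,args | find_initrc_daemons
#   matchpathcon /usr/sbin/openhpid | generic_label_paths
```
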

Comment 2 errata-xmlrpc 2013-11-21 05:49:56 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1598.html
