Bug 1255305 - systemd-machined is not confined
Summary: systemd-machined is not confined
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Vit Mojzis
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 1236580
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-08-20 09:06 UTC by Lukas Vrabec
Modified: 2015-12-16 13:43 UTC (History)
9 users (show)

Fixed In Version: selinux-policy-3.13.1-152.fc24
Clone Of: 1236580
Environment:
Last Closed: 2015-12-16 13:43:41 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Lukas Vrabec 2015-08-20 09:06:39 UTC 
+++ This bug was initially created as a clone of Bug #1236580 +++

Description of problem:

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-29.el7.noarch
selinux-policy-devel-3.13.1-29.el7.noarch
selinux-policy-doc-3.13.1-29.el7.noarch
selinux-policy-minimum-3.13.1-29.el7.noarch
selinux-policy-mls-3.13.1-29.el7.noarch
selinux-policy-sandbox-3.13.1-29.el7.noarch
selinux-policy-targeted-3.13.1-29.el7.noarch
systemd-219-4.el7.x86_64
systemd-journal-gateway-219-4.el7.x86_64
systemd-libs-219-4.el7.x86_64
systemd-networkd-219-4.el7.x86_64
systemd-python-219-4.el7.x86_64
systemd-resolved-219-4.el7.x86_64
systemd-sysv-219-4.el7.x86_64

How reproducible:
always

Steps to Reproduce:
# ps -efZ | grep systemd-machined
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 26441 2171  0 15:13 pts/0 00:00:00 grep --color=auto systemd-machined
# service systemd-machined start
Redirecting to /bin/systemctl start  systemd-machined.service
# ps -efZ | grep systemd-machined
system_u:system_r:init_t:s0     root     26467     1  0 15:13 ?        00:00:00 /usr/lib/systemd/systemd-machined
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 26505 2171  0 15:13 pts/0 00:00:00 grep --color=auto systemd-machined
#

Actual results:
 * there is no policy for systemd-machined

Expected results:
 * there is a policy for systemd-machined
Comment 2 Vit Mojzis 2015-10-08 12:13:58 UTC 
commit 344f035ba1609f779b5c75c97542d2a6845bea64
Merge: 5cf36bf f7a6cd1
Author: Miroslav Grepl <mgrepl>
Date:   Thu Oct 8 12:40:09 2015 +0200

    Merge pull request #46 from vmojzis/rawhide-contrib
    
    Allow NetworkManager_t and policykit_t read access to systemd-machined pid files.

commit f7a6cd1c06e7fe0f49a735c49b21996d99e8b00a
Author: Vit Mojzis <vmojzis>
Date:   Wed Oct 7 14:21:54 2015 +0200

    Allow NetworkManager_t and policykit_t read access to systemd-machined pid files. #1255305

commit 8ea12650558db425236e884ebeae5112eaf0154e
Merge: 5aad18c e3c6831
Author: Miroslav Grepl <mgrepl>
Date:   Thu Oct 1 16:46:56 2015 +0200

    Merge pull request #44 from vmojzis/rawhide-base
    
    New policy for systemd-machined. BZ #1255305

commit e3c6831d92e0ece09f43adb25f493dbd88f57949
Author: Vit Mojzis <vmojzis>
Date:   Thu Oct 1 16:01:31 2015 +0200

    New policy for systemd-machined. #1255305

commit f68c01d57eadc5016a0055678f324d387526e7e0
Merge: a69c8b6 bd3366a
Author: Miroslav Grepl <mgrepl>
Date:   Mon Sep 21 23:46:13 2015 +0200

    Merge pull request #37 from vmojzis/rawhide-contrib
    
    Add interface allowing sending and receiving messages from virt over dbus

commit bd3366a1e714c650b5c8bca542bb5e0994ceaf60
Author: Vit Mojzis <vmojzis>
Date:   Fri Sep 11 11:18:27 2015 +0200

    Add interface allowing sending and receiving messages from virt over dbus.
    
    Signed-off-by: Vit Mojzis <vmojzis>
Comment 3 Lukas Vrabec 2015-10-08 13:24:51 UTC 
Thank you.
Note You need to log in before you can comment on or make changes to this bug.