+++ This bug was initially created as a clone of Bug #1212324 +++ Description of problem: * sanlk-resetd is not yet confined Version-Release number of selected component (if applicable): sanlk-reset-3.2.2-2.el7.x86_64 sanlock-3.2.2-2.el7.x86_64 sanlock-lib-3.2.2-2.el7.x86_64 sanlock-python-3.2.2-2.el7.x86_64 selinux-policy-3.13.1-24.el7.noarch selinux-policy-devel-3.13.1-24.el7.noarch selinux-policy-doc-3.13.1-24.el7.noarch selinux-policy-minimum-3.13.1-24.el7.noarch selinux-policy-mls-3.13.1-24.el7.noarch selinux-policy-sandbox-3.13.1-24.el7.noarch selinux-policy-targeted-3.13.1-24.el7.noarch How reproducible: always Steps to Reproduce: # ps -efZ | grep reset unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 3228 1900 0 09:35 pts/0 00:00:00 grep --color=auto reset # service sanlk-resetd start Redirecting to /bin/systemctl start sanlk-resetd.service # ps -efZ | grep reset system_u:system_r:unconfined_service_t:s0 root 3247 1 0 09:35 ? 00:00:00 /usr/sbin/sanlk-resetd unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 3251 1900 0 09:35 pts/0 00:00:00 grep --color=auto reset # service sanlk-resetd status Redirecting to /bin/systemctl status sanlk-resetd.service sanlk-resetd.service - daemon for host reset Loaded: loaded (/usr/lib/systemd/system/sanlk-resetd.service; disabled) Active: active (running) since Thu 2015-04-16 09:35:13 CEST; 34s ago Process: 3246 ExecStart=/usr/sbin/sanlk-resetd (code=exited, status=0/SUCCESS) Main PID: 3247 (sanlk-resetd) CGroup: /system.slice/sanlk-resetd.service └─3247 /usr/sbin/sanlk-resetd Apr 16 09:35:13 rhel71.localdomain systemd[1]: Started daemon for host reset. Apr 16 09:35:13 rhel71.localdomain sanlk-resetd[3247]: sanlk-resetd 3.2.2 sta... Hint: Some lines were ellipsized, use -l to show in full. # Actual results: * sanlk-resetd runs as unconfined_service_t Expected results: * sanlk-resetd runs in a dedicated domain --- Additional comment from Miroslav Grepl on 2015-04-22 04:09:23 EDT --- Does it come from the base installation? --- Additional comment from Milos Malik on 2015-04-22 04:16:45 EDT --- # rpm -qf /usr/sbin/sanlk-resetd sanlk-reset-3.2.2-2.el7.x86_64 # repoquery -qi sanlk-reset Name : sanlk-reset Version : 3.2.2 Release : 2.el7 Architecture: x86_64 Size : 46119 Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Group : System Environment/Base URL : https://fedorahosted.org/sanlock/ Repository : RHEL-7.1-Server-Optional Summary : Host reset daemon and client using sanlock Source : sanlock-3.2.2-2.el7.src.rpm Description : The sanlk-reset package contains the reset daemon and client. A cooperating host running the daemon can be reset by a host running the client, so long as both maintain access to a common sanlock lockspace. #
commit c8c0d5ff3aafe606d9aeb05c4f9ab850bf2da66e Author: Vit Mojzis <vmojzis> Date: Thu Sep 10 10:27:59 2015 +0200 Sanlock policy update. #1255307 - New sub-domain for sanlk-reset daemon
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle. Changing version to '24'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase
selinux-policy-3.13.1-178.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1350c96015
selinux-policy-3.13.1-178.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1350c96015
selinux-policy-3.13.1-179.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f142bb969
selinux-policy-3.13.1-179.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-8f142bb969
selinux-policy-3.13.1-179.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.