Bug 1278028 - lvmlockd runs as unconfined_service_t
lvmlockd runs as unconfined_service_t
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy (Show other bugs)
7.2
All Linux
medium Severity medium
: rc
: ---
Assigned To: Lukas Vrabec
Milos Malik
:
Depends On:
Blocks: 1287739
  Show dependency treegraph
 
Reported: 2015-11-04 10:15 EST by Milos Malik
Modified: 2016-11-03 22:24 EDT (History)
6 users (show)

See Also:
Fixed In Version: selinux-policy-3.13.1-64.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1287739 (view as bug list)
Environment:
Last Closed: 2016-11-03 22:24:03 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Milos Malik 2015-11-04 10:15:48 EST
Description of problem:
 * it should most likely run in the same domain as other LVM daemons

Version-Release number of selected component (if applicable):
lvm2-2.02.130-5.el7.x86_64
lvm2-cluster-2.02.130-5.el7.x86_64
lvm2-libs-2.02.130-5.el7.x86_64
lvm2-lockd-2.02.130-5.el7.x86_64
lvm2-python-libs-2.02.130-5.el7.x86_64
lvm2-sysvinit-2.02.130-5.el7.x86_64
selinux-policy-3.13.1-60.el7.noarch
selinux-policy-devel-3.13.1-60.el7.noarch
selinux-policy-doc-3.13.1-60.el7.noarch
selinux-policy-minimum-3.13.1-60.el7.noarch
selinux-policy-mls-3.13.1-60.el7.noarch
selinux-policy-sandbox-3.13.1-60.el7.noarch
selinux-policy-targeted-3.13.1-60.el7.noarch

How reproducible:
always

Steps to Reproduce:
1. get a RHEL-7.2 machine with active targeted policy
2. install the lvm2-lockd package
3. service lvm2-lvmlockd start
4. check the context of lvmlockd process

Actual results:
system_u:system_r:unconfined_service_t:s0 root 4824 1  0 16:11 ?       00:00:00 /usr/sbin/lvmlockd -f

Expected results:
system_u:system_r:lvm_t:s0 root 4824 1  0 16:11 ?       00:00:00 /usr/sbin/lvmlockd -f

Additional info:
# matchpathcon `which lvmlockd`
/usr/sbin/lvmlockd	system_u:object_r:bin_t:s0
#
Comment 1 Lukas Vrabec 2015-12-03 07:07:57 EST
Fixed in Fedora:
commit bc09818bb7b2203edcd0ce9f0bd3f10b79159dc5
Author: Lukas Vrabec <lvrabec@redhat.com>
Date:   Thu Dec 3 12:39:18 2015 +0100

    Label /usr/sbin/lvmlockd binary file as lvm_exec_t. BZ(1287739)
Comment 2 Lukas Vrabec 2016-02-29 11:39:19 EST
commit 91d25621d4a5d2d12fefce6ddb083b72604d198e
Author: Lukas Vrabec <lvrabec@redhat.com>
Date:   Thu Dec 3 12:39:18 2015 +0100

    Label /usr/sbin/lvmlockd binary file as lvm_exec_t.
    Resolves: rhbz#1278028
Comment 6 errata-xmlrpc 2016-11-03 22:24:03 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2283.html

Note You need to log in before you can comment on or make changes to this bug.