Red Hat Bugzilla – Bug 190323
initrc_context file should have initrc_t
Last modified: 2008-01-30 14:06:17 EST
Description of problem:
In RHEL4 the run_init program does not work. It incorrectly specifies
unconfined_t as the domain for its child process thus overriding the
domain_auto_trans() rule for initrc_exec_t and thus prevents a daemon started
with it from running in the correct context. This means that the
command "run_init service httpd restart" will result in the httpd processes
running in the unconfined_t domain.
This is normally not a problem as run_init is not needed in the supported
configuration and is generally not used in the targeted policy.
But to avoid user confusion I believe that we need to fix this as a low
priority issue in an update (this issue does not deserve its own update but
is worth tagging on to another more important issue).
The solution is to replace unconfined_t with initrc_t in the
file /etc/selinux/targeted/contexts/initrc_context (making such a change
manually can be used as a work-around for anyone who wants it fixed now).
Fixing this issue has no possibility of breaking any supported functionality.
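An audit for the condition described above, as an added example that is not part of the original bug report: it reads the type out of an initrc_context file and lists daemon processes left in unconfined_t. The function names and the `ps -eZ` sample are constructed for illustration.

```shell
#!/bin/sh
# Print the SELinux type (3rd colon-separated field) of the first line that
# is neither blank nor a comment. Exit status 2: unreadable or malformed.
initrc_context_type() {
    [ -r "$1" ] || return 2
    awk -F: '
        /^[ \t]*#/ || /^[ \t\r]*$/ { next }
        NF >= 3 && $3 != "" { gsub(/[ \t\r]/, "", $3); print $3; found = 1; exit }
        { exit }
        END { if (!found) exit 2 }
    ' "$1"
}

# Returns 0 if the file names initrc_t, 1 if it names another type, 2 on error.
check_initrc_context() {
    t=$(initrc_context_type "$1") || return 2
    [ "$t" = "initrc_t" ] && return 0
    echo "$1: type is $t, expected initrc_t" >&2
    return 1
}

# Read `ps -eZ` output on stdin and print the PIDs of processes named $1
# whose context carries the unconfined_t type.
unconfined_pids() {
    awk -v name="$1" '
        $1 == "LABEL" { next }
        { split($1, ctx, ":") }
        ctx[3] == "unconfined_t" && $NF == name { print $2 }
    '
}

# Constructed sample of `ps -eZ` output after "run_init service httpd restart"
# on an affected system (not captured from a real host).
sample_ps() {
    cat <<'EOF'
LABEL                             PID TTY          TIME CMD
user_u:system_r:unconfined_t     2250 pts/0    00:00:00 bash
user_u:system_r:unconfined_t     2301 ?        00:00:00 httpd
user_u:system_r:unconfined_t     2302 ?        00:00:00 httpd
system_u:system_r:syslogd_t      1412 ?        00:00:00 syslogd
EOF
}
```

On a live host the same functions can be run as `check_initrc_context /etc/selinux/targeted/contexts/initrc_context` and `ps -eZ | unconfined_pids httpd`.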
Fixed in selinux-policy-targeted-1.17.30-2.134
Bulk closing old selinux policy bugs that were in the modified state. If the
bug is still not fixed, please reopen.