Bug 190323 - initrc_context file should have initrc_t
initrc_context file should have initrc_t
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2006-05-01 02:39 EDT by Russell Coker
Modified: 2008-01-30 14:06 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-30 14:06:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Russell Coker 2006-05-01 02:39:20 EDT
Description of problem:

In RHEL4 the run_init program does not work.  It incorrectly specifies 
unconfined_t as the domain for it's child process thus overriding the 
domain_auto_trans() rule for initrc_exec_t and thus prevents a daemon started 
with it from running in the correct context.  This means that the 
command "run_init service httpd restart" will result in the httpd processes 
running in the unconfined_t domain.

This is normally not a problem as run_init is not needed in the supported 
configuration and is generally not used in the targeted policy.

But to avoid user confusion I believe that we need to fix this as a low 
priority issue in an update (this issue does not deserve it's own update but 
is worth tagging on to another more important issue).

The solution is to replace unconfined_t with initrc_t in the 
file /etc/selinux/targeted/contexts/initrc_context (making such a change 
manually can be used as a work-around for anyone who wants it fixed now).

Fixing this issue has no possibility of breaking any supported functionality.
Comment 2 Daniel Walsh 2006-05-09 12:02:36 EDT
Fixed in selinux-policy-targeted-1.17.30-2.134
Comment 3 Daniel Walsh 2008-01-30 14:06:17 EST
Bulk closing a old selinux policy bugs that were in the modified state.  If the
bug is still not fixed.  Please reopen.

Note You need to log in before you can comment on or make changes to this bug.