+++ This bug was initially created as a clone of Bug #627984 +++

Description of problem:
With fresh installation of Spacewalk 1.1 on RHEL 5.5, the jabberd processes do not seem to be properly confined.

Version-Release number of selected component (if applicable):
# rpm -qa | grep jabber | sort
jabberd-2.2.8-2.el5
jabberd-selinux-1.4.8-1.el5
jabberpy-0.5-0.17.el5
spacewalk-setup-jabberd-1.1.1-1.el5
# semodule -l | grep jabber
jabber 1.4.8.1

How reproducible:
Deterministic.

Steps to Reproduce:
1. Install Spacewalk 1.1.
2. Run /bin/ps -eZ | /bin/egrep "initrc"

Actual results:
# /bin/ps -eZ | /bin/egrep "initrc"
system_u:system_r:initrc_t 2743 ? 00:00:00 router
system_u:system_r:initrc_t 2767 ? 00:00:00 sm
system_u:system_r:initrc_t 2791 ? 00:00:00 c2s
system_u:system_r:initrc_t 2815 ? 00:00:00 s2s
system_u:system_r:initrc_t 2878 ? 00:00:00 rhnsearchd
system_u:system_r:initrc_t 2926 ? 00:00:00 rhnsd
system_u:system_r:initrc_t 3092 ? 00:00:00 cobblerd
system_u:system_r:initrc_t 3155 ? 00:00:00 taskomaticd

Expected results:
The router, sm, c2s, and s2s processes should be running as jabberd_t, not initrc_t.

Additional info:
The issue is caused by the fact that we have moved to jabberd 2.2 and presumably something is different there.

--- Additional comment from jpazdziora on 2010-08-27 11:07:46 EDT ---

We probably should just take the policy from latest Fedoras to match the version of the policy to the version of the jabberd.

--- Additional comment from jpazdziora on 2010-08-30 04:46:49 EDT ---

Filed Fedora selinux-policy bug 628495 as we want to mimic as much of the policy as possible, and on Fedoras we use the stock policy module for jabberd anyway.
Cloning for Satellite.
Taking.
Fixed in Spacewalk master, commits 508c7dff89e29179e76e7380bd9e1bc6e2d22e10, b1beb36b00cbafc5e0cde00762484927e7af0a9c, c9d9353744d6a92e9e1d2b2ec6d8fad1b55c566c, and 67e9553fda810deb24464b8d98cd932dd37bcd18. Cherry picked to Satellite master, commits b0fb6d5eb0af1a6e42e4d9ee68808ed2cac27cec, 3fd0dd675f24855170b1580e49f08e40a3ef8a2a, 62f75ed7ea0214866c8be180eec0f48741a64f2a, and 669c8088336ac398347d0ecf9ddd6e720f2f08b7. Tagged and built as jabberd-selinux-1.4.9-2.
[root@tyan-gt24-03 ~]# /bin/ps -eZ | /bin/egrep "initrc"
system_u:system_r:initrc_t 3783 ? 00:00:00 beah-beaker-bac
system_u:system_r:initrc_t 3827 ? 00:00:00 beah-fwd-backen
system_u:system_r:initrc_t 3864 ? 00:00:00 beah-srv
system_u:system_r:initrc_t 4454 ? 00:00:00 beah-rhts-task
root:system_r:initrc_t 24483 ? 00:00:01 cobblerd
[root@tyan-gt24-03 ~]# /bin/ps -eZ | /bin/egrep "jabberd"
root:system_r:jabberd_t 23354 ? 00:00:00 router
root:system_r:jabberd_t 23386 ? 00:00:00 sm
root:system_r:jabberd_t 23418 ? 00:00:00 c2s
root:system_r:jabberd_t 23450 ? 00:00:00 s2s

verified in stage
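The check performed in this report (router, sm, c2s and s2s should run as jabberd_t, not initrc_t) written as a reusable script. This is an added example, not part of the bug report or of the Spacewalk code; the function names are hypothetical and the sample lines are taken from the ps output quoted in the report.

```shell
#!/bin/sh
# Added example (not from the bug report): verify jabberd confinement.
# Reads `ps -eZ` output (LABEL PID TTY TIME CMD) on stdin, prints one line
# per problem, and returns 0 only if router, sm, c2s and s2s all run as
# jabberd_t. Matching on the bare command name is an assumption; another
# daemon named "sm" would also be matched.
check_jabberd_domains() {
    awk -v expected="jabberd_t" '
    BEGIN {
        bad = 0
        n = split("router sm c2s s2s", names, " ")
        for (i = 1; i <= n; i++) want[names[i]] = 1
    }
    NF >= 5 && ($NF in want) {
        # Label is user:role:type[:level]; the domain is the third part.
        split($1, ctx, ":")
        seen[$NF] = 1
        if (ctx[3] != expected) {
            printf "MISCONFINED %s pid=%s domain=%s\n", $NF, $2, ctx[3]
            bad = 1
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(names[i] in seen)) { print "NOT_RUNNING " names[i]; bad = 1 }
        exit bad
    }'
}

# Sample input: lines from the "Actual results" output in the report.
sample_before() {
    cat <<'EOF'
system_u:system_r:initrc_t 2743 ? 00:00:00 router
system_u:system_r:initrc_t 2767 ? 00:00:00 sm
system_u:system_r:initrc_t 2791 ? 00:00:00 c2s
system_u:system_r:initrc_t 2815 ? 00:00:00 s2s
system_u:system_r:initrc_t 3092 ? 00:00:00 cobblerd
EOF
}

# Sample input: lines from the verification output after the fix.
sample_after() {
    cat <<'EOF'
root:system_r:jabberd_t 23354 ? 00:00:00 router
root:system_r:jabberd_t 23386 ? 00:00:00 sm
root:system_r:jabberd_t 23418 ? 00:00:00 c2s
root:system_r:jabberd_t 23450 ? 00:00:00 s2s
root:system_r:initrc_t 24483 ? 00:00:01 cobblerd
EOF
}
```

On a live host, pipe the real process list into the function: `/bin/ps -eZ | check_jabberd_domains`. A component that is not running at all is reported as NOT_RUNNING, so a stopped service does not pass as correctly confined.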
The 5.4.0 RHN Satellite and RHN Proxy release has occurred. This issue has been resolved with this release.

RHEA-2010:0801 - RHN Satellite Server 5.4.0 Upgrade
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10332

RHEA-2010:0803 - RHN Tools enhancement update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10333

RHEA-2010:0802 - RHN Proxy Server 5.4.0 bug fix update
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10334

RHEA-2010:0800 - RHN Satellite Server 5.4.0
https://rhn.redhat.com/rhn/errata/details/Details.do?eid=10335

Docs are available:
http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/index.html

Regards,
Clifford