Red Hat Bugzilla – Bug 848744
gatherd and reposd run as initrc_t
Last modified: 2012-09-22 03:26:53 EDT
Description of problem:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
# run_init service gatherer status
gatherd is stopped
reposd is stopped
# run_init service gatherer start
Starting gatherd: [ OK ]
Starting reposd: [ OK ]
# ps -efZ | grep -e reposd -e gatherd
user_u:system_r:initrc_t root 12534 1 0 12:40 ? 00:00:00 gatherd
user_u:system_r:initrc_t root 12539 1 0 12:40 ? 00:00:00 reposd
root:system_r:unconfined_t:SystemLow-SystemHigh root 12607 2823 0 12:40 pts/0 00:00:00 grep -e reposd -e gatherd
* both gatherd and reposd run as initrc_t
* both gatherd and reposd run in their own SELinux domain
I believe we should stay with initrc_t for all these services for RHEL5.
Basically I can backport policies, but we would need to make this policy unconfined.
Also we don't see any issues with these services running as initrc.
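
Added example, not part of the original bug report: a shell check that reads `ps -efZ` output and lists every process running in a given SELinux type (initrc_t by default), so daemons that never left the init script domain, as in the reproduction steps above, can be found across a host. The function names and the sshd sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): find processes in a given SELinux type.

# Constructed sample input, modelled on the `ps -efZ` output in the report.
# The sshd line is invented to show a daemon that has its own domain.
sample_ps() {
cat <<'EOF'
LABEL UID PID PPID C STIME TTY TIME CMD
user_u:system_r:initrc_t root 12534 1 0 12:40 ? 00:00:00 gatherd
user_u:system_r:initrc_t root 12539 1 0 12:40 ? 00:00:00 reposd
system_u:system_r:sshd_t:SystemLow-SystemHigh root 2710 1 0 12:01 ? 00:00:00 /usr/sbin/sshd
root:system_r:unconfined_t:SystemLow-SystemHigh root 12607 2823 0 12:40 pts/0 00:00:00 grep -e reposd -e gatherd
EOF
}

# Read `ps -efZ` lines on stdin and print "PID TYPE COMMAND" for each
# process whose SELinux type equals $1 (default: initrc_t).
find_in_domain() {
    awk -v want="${1:-initrc_t}" '
        $1 == "LABEL" { next }              # skip the ps header line
        {
            # A context is user:role:type[:mls-range]. The range may be
            # absent or contain further colons, but the type is always
            # the third colon-separated element.
            n = split($1, ctx, ":")
            if (n < 3 || ctx[3] != want) next

            # ps -efZ columns: LABEL UID PID PPID C STIME TTY TIME CMD...
            cmd = $9
            for (i = 10; i <= NF; i++) cmd = cmd " " $i
            print $3, ctx[3], cmd
        }'
}

# Demo on the constructed sample; on a live host use: ps -efZ | find_in_domain
sample_ps | find_in_domain
```

Matching on the parsed type field rather than grepping the whole line avoids false hits such as the `grep -e reposd -e gatherd` process itself.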