Description of problem:

Version-Release number of selected component (if applicable):
selinux-policy-minimum-2.4.6-331.el5
selinux-policy-devel-2.4.6-331.el5
selinux-policy-targeted-2.4.6-331.el5
selinux-policy-2.4.6-331.el5
selinux-policy-strict-2.4.6-331.el5
selinux-policy-mls-2.4.6-331.el5
sblim-gather-2.2.3-49.el5

How reproducible:
always

Steps to Reproduce:
# run_init service gatherer status
Authenticating root.
Password:
gatherd is stopped
reposd is stopped
# run_init service gatherer start
Authenticating root.
Password:
Starting gatherd: [ OK ]
Starting reposd: [ OK ]
# ps -efZ | grep -e reposd -e gatherd
user_u:system_r:initrc_t root 12534 1 0 12:40 ? 00:00:00 gatherd
user_u:system_r:initrc_t root 12539 1 0 12:40 ? 00:00:00 reposd
root:system_r:unconfined_t:SystemLow-SystemHigh root 12607 2823 0 12:40 pts/0 00:00:00 grep -e reposd -e gatherd
#

Actual results:
* both gatherd and reposd run as initrc_t

Expected results:
* both gatherd and reposd run in their own SELinux domains
I believe we should stay with initrc_t for all these services for RHEL5. Basically, I can backport policies, but we would need to make this policy unconfined. Also, we don't see any issues with these services running as initrc.
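The `ps -efZ` check from the report's reproduction steps can be scripted so that it reads the SELinux type field directly instead of relying on `grep`. This is an added example, not part of the bug report or of selinux-policy; the function names are hypothetical, and the `syslogd` line in the sample is constructed for contrast.

```shell
#!/bin/sh
# Added example: report named daemons whose SELinux type is initrc_t.
# stdin: `ps -efZ` output; arguments: daemon names to check.
# stdout: one "name pid type" line per daemon found running as initrc_t.
# Exit status: 0 if none of the named daemons runs as initrc_t, 1 otherwise.
daemons_in_initrc_t() {
    awk -v names="$*" '
        BEGIN {
            n = split(names, list, " ")
            for (i = 1; i <= n; i++) want[list[i]] = 1
        }
        {
            # A context is user:role:type[:level]. The level may contain
            # colons itself, so only the third field is read as the type.
            # The ps header line (LABEL ...) has no colons and is skipped.
            if (split($1, ctx, ":") < 3) next
            # CMD is column 9 of ps -efZ; drop any leading path.
            cmd = $9
            sub(/.*\//, "", cmd)
            if ((cmd in want) && ctx[3] == "initrc_t") {
                print cmd, $3, ctx[3]
                hit = 1
            }
        }
        END { exit hit ? 1 : 0 }
    '
}

# Sample input: the three ps lines from the report, plus one constructed
# line (syslogd) showing a daemon that runs in its own domain.
sample_ps_output() {
    cat <<'EOF'
user_u:system_r:initrc_t root 12534 1 0 12:40 ? 00:00:00 gatherd
user_u:system_r:initrc_t root 12539 1 0 12:40 ? 00:00:00 reposd
root:system_r:unconfined_t:SystemLow-SystemHigh root 12607 2823 0 12:40 pts/0 00:00:00 grep -e reposd -e gatherd
system_u:system_r:syslogd_t root 2001 1 0 12:00 ? 00:00:00 syslogd
EOF
}

# Run against the sample; on a live system use:
#   ps -efZ | daemons_in_initrc_t gatherd reposd
sample_ps_output | daemons_in_initrc_t gatherd reposd || true
```

Because matching is on the command column, the `grep` process whose arguments mention the daemon names is not reported.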