Description of problem: Version-Release number of selected component (if applicable): selinux-policy-minimum-2.4.6-331.el5 selinux-policy-devel-2.4.6-331.el5 selinux-policy-targeted-2.4.6-331.el5 selinux-policy-2.4.6-331.el5 selinux-policy-strict-2.4.6-331.el5 selinux-policy-mls-2.4.6-331.el5 isns-utils-0.93-1.0.el5 How reproducible: always Steps to Reproduce: # run_init service isnsd status Authenticating root. Password: isnsd is stopped # run_init service isnsd start Authenticating root. Password: Starting iSNS Server: [ OK ] # ps -efZ | grep isnsd user_u:system_r:initrc_t root 14572 1 0 13:05 ? 00:00:00 isnsd root:system_r:unconfined_t:SystemLow-SystemHigh root 14575 2823 0 13:05 pts/0 00:00:00 grep isnsd # Actual results: * isnsd runs as initrc_t Expected results: * isnsd runs in its own SELinux domain
I believe we should stay with initrc_t for all these services for RHEL5. Basically I can backport policies but we would need to make this policy as unconfined. Also we don't see any issues with these services running as initrc.