Description of problem: Version-Release number of selected component (if applicable): selinux-policy-minimum-2.4.6-331.el5 selinux-policy-devel-2.4.6-331.el5 selinux-policy-targeted-2.4.6-331.el5 selinux-policy-2.4.6-331.el5 selinux-policy-strict-2.4.6-331.el5 selinux-policy-mls-2.4.6-331.el5 scsi-target-utils-1.0.14-2.el5 How reproducible: always Steps to Reproduce: # run_init service tgtd status Authenticating root. Password: tgtd is stopped # run_init service tgtd start Authenticating root. Password: Starting SCSI target daemon: Starting target framework daemon # ps -efZ | grep tgtd user_u:system_r:initrc_t root 23211 1 0 14:48 ? 00:00:00 tgtd user_u:system_r:initrc_t root 23212 23211 0 14:48 ? 00:00:00 tgtd root:system_r:unconfined_t:SystemLow-SystemHigh root 23223 2823 0 14:48 pts/0 00:00:00 grep tgtd # Actual results: * tgtd runs as initrc_t Expected results: * tgtd runs in its own SELinux domain
I believe we should stay with initrc_t for all these services for RHEL5. Basically I can backport policies but we would need to make this policy as unconfined. Also we don't see any issues with these services running as initrc.