Bug 516238

Summary:	selinux-nut-2.20140311-r3 & sys-power/nut-2.6.5-r1: upsdrv running as system_u:system_r:initrc_t
Product:	Gentoo Linux	Reporter:	Vincent Brillault <gentoo>
Component:	SELinux	Assignee:	Sven Vermeulen (RETIRED) <swift>
Status:	RESOLVED FIXED
Severity:	normal	CC:	selinux
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	sec-policy r4
Package list:		Runtime testing required:	---

Description Vincent Brillault 2014-07-03 21:41:47 UTC

After restarting upsdrv, the resulting process runs as initrc_t:
system_u:system_r:initrc_t      nut       9026  0.0  0.0  27572   940 ?        Ss   Jun29   2:31 /lib64/nut/usbhid-ups -a Belegaer

The root cause seems to be that /usr/sbin/upsdrvctl is a link to /lib64/nut/upsdrvctl on my system and thus, the file definitions from nut.fc do not apply:
/usr/sbin/upsdrvctl     --      gen_context(system_u:object_r:nut_upsdrvctl_exec_t,s0)

Doing a simple "chcon system_u:object_r:nut_upsdrvctl_exec_t /lib64/nut/upsdrvctl" solves (temporary at least) the issue (after a run_init /etc/init.d/upsdrv restart):
system_u:system_r:nut_upsdrvctl_t nut    29483  0.0  0.0  27572   944 ?        Ss   23:33   0:00 /lib64/nut/usbhid-ups -a Belegaer

Thanks in advance!

Comment 1 Sven Vermeulen (RETIRED) gentoo-dev

2014-07-05 16:27:27 UTC

Thanks, added to our tree.

Available in -9999 ebuilds, will be in r4

Comment 2 Sven Vermeulen (RETIRED) gentoo-dev

2014-08-01 21:13:44 UTC

r4 is in the tree (~arch)

Comment 3 Sven Vermeulen (RETIRED) gentoo-dev

2014-08-22 17:50:44 UTC

r5 is stable