Re: auditd went crazy
- From: Daniel J Walsh <dwalsh redhat com>
- To: fedora-selinux-list redhat com
- Subject: Re: auditd went crazy
- Date: Tue, 08 Jul 2008 14:35:22 -0400
Todd Zullinger wrote:
> Daniel J Walsh wrote:
>> Seems like you have a mislabeled program running as initrc_t?
>>
>> ps -eZ | grep initrc_t
>
> Are there some docs on how to fix up programs running as initrc_t
> (and when it is required to do so)? I notice that puppetd is in this
> situation on my system, but I don't know if that's a potential problem
> nor how to correct it if it is.
No, any system daemon that does not have policy will run as initrc_t. If
these daemons executed confined applications, you could see AVCs. But
ordinarily an initrc_t domain will run as "unconfined". It is the
equivalent of the unconfined_t domain for a logged in user.

We could write policy for puppetd and it would run under a different
context. Puppetd probably needs to do just about anything, so writing a
standard policy for it to work everywhere is impossible, so it would
have to be unconfined.

A lot of times AVCs for a confined domain referring to initrc_t
indicate a leaked file descriptor.
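The two checks discussed in this message, as an added example that is not part of the original post: it lists processes that `ps -eZ` shows in initrc_t, and counts AVC denials in which a confined domain is denied access to an initrc_t-labeled descriptor. The class and permission sets are an assumed heuristic for "leaked file descriptor", and the `ps` and audit log samples are constructed.

```python
import re
from collections import Counter

# Assumption: object classes through which an inherited descriptor is usually reached.
FD_CLASSES = {"fd", "fifo_file", "unix_stream_socket", "unix_dgram_socket",
              "tcp_socket", "udp_socket", "netlink_route_socket"}
# Assumption: permissions typical of touching an already-open descriptor.
FD_PERMS = {"read", "write", "append", "getattr", "ioctl", "use"}
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')

# Constructed sample data (not taken from the thread).
SAMPLE_PS = """LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:01 init
system_u:system_r:initrc_t:s0    2101 ?        00:00:03 puppetd
system_u:system_r:auditd_t:s0    1890 ?        00:00:00 auditd
"""
SAMPLE_AVC = """type=AVC msg=audit(1215542100.101:51): avc:  denied  { read write } for  pid=2345 comm="ifconfig" path="socket:[9912]" dev=sockfs ino=9912 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1215542160.202:52): avc:  denied  { read write } for  pid=2371 comm="ifconfig" path="socket:[9912]" dev=sockfs ino=9912 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1215542170.303:53): avc:  denied  { signull } for  pid=1890 comm="auditd" scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process
type=AVC msg=audit(1215542180.404:54): avc:  denied  { read } for  pid=2400 comm="httpd" name="shadow" dev=dm-0 ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

def setype(context):
    """Type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def initrc_processes(ps_output):
    """(pid, command) pairs from `ps -eZ` output whose domain is initrc_t."""
    procs = []
    for line in ps_output.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0].count(":") >= 2 and setype(fields[0]) == "initrc_t":
            procs.append((int(fields[1]), fields[-1]))
    return procs

def leaked_fd_candidates(log_text):
    """Count denials where a confined domain touches an initrc_t-owned descriptor."""
    hits = Counter()
    for m in AVC_RE.finditer(log_text):
        src, tgt = setype(m["s"]), setype(m["t"])
        if (tgt == "initrc_t" and src not in ("initrc_t", "unconfined_t")
                and m["cls"] in FD_CLASSES and set(m["perms"].split()) <= FD_PERMS):
            hits[(src, m["comm"], m["cls"])] += 1
    return hits

if __name__ == "__main__":
    print("running as initrc_t:", initrc_processes(SAMPLE_PS))
    print("leaked-descriptor candidates:", dict(leaked_fd_candidates(SAMPLE_AVC)))
```

On a live system the inputs would be the output of `ps -eZ` and the AVC records from the audit log in place of the constructed samples.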