
SELinux: Redis server running unconfined when installed from sources

Open · serhii-shnurenko opened this issue 3 years ago · 1 comment

:ghost: Brief Description

When redis is installed from sources, the SELinux context type of the redis-server binary is bin_t, which makes the process run unconfined. The redis_exec_t file context must be used for the redis-server binary, or the context must be configured with the process manager (systemd).

:pancakes: Cookbook version

4.2.0

:woman_cook: Chef-Infra Version

Chef Infra Client: 15.12.22

:tophat: Platform details

CentOS Linux release 7.9.2009 (Core), SELinux in enforcing mode

$ getenforce
Enforcing

Steps To Reproduce

Steps to reproduce the behavior:

  1. Converge cookbook using installation from sources
  2. Perform ps axZ | grep redis-server
system_u:system_r:unconfined_service_t:s0 1532 ? Ssl 166:46 /usr/local/bin/redis-server *:0
system_u:system_r:unconfined_service_t:s0 11303 ? Ssl 443:17 /usr/local/bin/redis-server *:0
....

Service running unconfined

:police_car: Expected behavior

When running ps axZ | grep redis-server output should be like this:

system_u:system_r:redis_t:s0    10843 ?        Ssl    0:00 /usr/local/bin/redis-server *:0
system_u:system_r:redis_t:s0    10890 ?        Ssl    0:00 /usr/local/bin/redis-server *:0
....

redis running under the system_u:system_r:redis_t context.

serhii-shnurenko, Mar 19 '21 20:03
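The check and the fix described in the report, as an added example that is not part of the redisio cookbook or of the issue author's post: a small POSIX shell script that flags redis-server processes running outside the redis_t domain (run against a constructed sample of the `ps axZ` output shown above) and a helper that relabels the source-built binary redis_exec_t so systemd transitions it into redis_t on the next start. The binary path is the one from the issue; the assumption that redis_exec_t and redis_t exist comes from the stock CentOS 7 targeted policy, and the service name to restart afterwards is left to the caller because the issue does not give it.

```shell
#!/bin/sh
# Added example, not part of the redisio cookbook: check which SELinux domain
# each redis-server process runs in, and relabel a source-built binary so the
# service transitions into redis_t on its next start.

# Constructed sample of `ps axZ | grep redis-server` output (LABEL PID TTY
# STAT TIME COMMAND), mirroring the issue: two unconfined processes and one
# correctly confined one.
SAMPLE_PS='system_u:system_r:unconfined_service_t:s0 1532 ? Ssl 166:46 /usr/local/bin/redis-server *:0
system_u:system_r:unconfined_service_t:s0 11303 ? Ssl 443:17 /usr/local/bin/redis-server *:0
system_u:system_r:redis_t:s0 10843 ? Ssl 0:00 /usr/local/bin/redis-server *:0'

# Read ps -Z style lines on stdin and print "PID domain" for every
# redis-server whose type (third field of user:role:type:level) is not
# redis_t. Exit status 1 when at least one such process exists, 0 otherwise.
# The header line and a stray "grep redis-server" do not match because the
# command field ($6) must end in redis-server.
misconfined_redis() {
  awk '$6 ~ /redis-server$/ {
         split($1, ctx, ":")
         if (ctx[3] != "redis_t") { print $2, ctx[3]; bad = 1 }
       }
       END { exit bad }'
}

# Persistently label the binary redis_exec_t (the entry point of redis_t in
# the stock targeted policy, an assumption about the host's policy) and apply
# the label now. Must run as root on the host; needs semanage from
# policycoreutils-python on CentOS 7. The default path is the cookbook's
# source-install location from the issue.
relabel_redis_binary() {
  bin=${1:-/usr/local/bin/redis-server}
  semanage fcontext -a -t redis_exec_t "$bin"   # rule persists in file_contexts.local
  restorecon -v "$bin"                           # bin_t -> redis_exec_t on disk
  ls -Z "$bin"                                   # confirm the new label
}

# Run the check against the constructed sample. On a real host, pipe the
# output of `ps axZ` in instead of the sample text.
printf '%s\n' "$SAMPLE_PS" | misconfined_redis \
  || echo "redis-server running outside redis_t: relabel the binary and restart the service"
```

Relabeling only changes the file; the processes already running keep unconfined_service_t until the service is restarted, so restart it (with whatever unit name the host uses) and then re-run the check against live `ps axZ` output. The other route the report mentions, configuring the context through systemd, is `SELinuxContext=system_u:system_r:redis_t:s0` under `[Service]` in the unit, which works even while the binary stays bin_t. In either case redis_t was written for the packaged layout, so a source build that uses non-default data, log or config paths, or a non-default port, can be denied in enforcing mode; check `ausearch -m AVC -ts recent` after the restart.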

@ervinsh please feel free to make a PR which addresses this and we can get this merged/released.

ramereth, Mar 22 '21 21:03