Is arbitrary access to rpm_t by sysadm_r a security problem?

[Aleksey Nogin <aleksey@xxxxxxxxx>]

I would imagine sysadm_r can do a lot anyway, but just in case it is a 
problem, here it is:

% id
uid=500(aleksey) gid=500(aleksey) groups=500(aleksey) 
context=aleksey:sysadm_r:sysadm_t
% rpm -q rpm --pipe id
uid=500(aleksey) gid=500(aleksey) groups=500(aleksey) 
context=aleksey:sysadm_r:rpm_t

Basically, the --pipe option to rpm seems to be giving sysadm_r full 
access to sysadm_r:rpm_t

--
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin@xxxxxxxxxxxxxx (office), aleksey@xxxxxxxxx (personal)
Office: Jorgensen 70, tel: (626) 395-2907