- Bug
- Resolution: Done-Errata
- Major
- 4.13, 4.12, 4.14, 4.15, 4.16, 4.17, 4.18, 4.19
Description of problem:
A container using the SELinux domain container_logreader_t to watch container logs on the host at /var/log cannot access the logs from /var/log/containers, since those logs are symbolic links to /var/log/pods. All other log files in /var/log are accessible, just not the ones that are symlinks.
Version-Release number of selected component (if applicable):
How reproducible:
100%
Steps to Reproduce:
1. Create symlinks in /var/log
2. Use container_logreader_t
3. Attempt to follow symlinks to watch attributes on files
Actual results:
Permission denied
Expected results:
No permission issues
Additional info:
- is cloned by
  - OCPBUGS-54342 [4.18] SELinux container_logreader_t cannot watch /var/log symlinks (Closed)
- relates to
  - RHEL-85433 SELinux container_logreader_t cannot watch /var/log symlinks - [RHEL 9.7] (Release Pending)
  - RHEL-85434 SELinux container_logreader_t cannot watch /var/log symlinks - [RHEL 9.6] 0day (Closed)
  - RHEL-85435 SELinux container_logreader_t cannot watch /var/log symlinks - [RHEL 10.0] 0day (Closed)
- links to
  - RHEA-2024:11038 OpenShift Container Platform 4.19.z bug fix update
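
A triage helper for confirming this failure on a node, added here as an example and not taken from the bug report or from the SELinux policy itself: it scans audit records for denials where the source domain is container_logreader_t and the target class is lnk_file, and summarises the denied permissions per target type. The sample records, the target type container_log_t, the denied permissions shown and the function names are constructed assumptions.

```python
import re

# Constructed sample audit records (not from the bug report). The target type
# and the denied permissions are assumptions chosen for illustration.
SAMPLE_AUDIT = '''\
type=AVC msg=audit(1700000000.101:900): avc:  denied  { watch } for  pid=4100 comm="log-agent" path="/var/log/containers/app_ns_c1.log" dev="vda4" ino=5001 scontext=system_u:system_r:container_logreader_t:s0 tcontext=system_u:object_r:container_log_t:s0 tclass=lnk_file permissive=0
type=AVC msg=audit(1700000000.205:901): avc:  denied  { read } for  pid=4100 comm="log-agent" name="app_ns_c1.log" dev="vda4" ino=5001 scontext=system_u:system_r:container_logreader_t:s0 tcontext=system_u:object_r:container_log_t:s0 tclass=lnk_file permissive=0
type=AVC msg=audit(1700000001.310:902): avc:  denied  { write } for  pid=4200 comm="other" name="messages" dev="vda4" ino=77 scontext=system_u:system_r:container_t:s0:c1,c2 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000002.000:903): avc:  granted  { read } for  pid=4100 comm="log-agent" name="x" dev="vda4" ino=5 scontext=system_u:system_r:container_logreader_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=lnk_file permissive=0
'''

# Only "denied" records are of interest; "granted" records are skipped.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)"
)
FIELD_RE = re.compile(r'\b(path|name)="([^"]*)"')


def selinux_type(context):
    """Extract the type from user:role:type:level[:categories]."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else ""


def symlink_denials(audit_text, domain="container_logreader_t"):
    """Summarise lnk_file denials for `domain`, keyed by target type."""
    found = {}
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["tclass"] != "lnk_file":
            continue  # not a denial, or the target is not a symlink
        if selinux_type(m["scontext"]) != domain:
            continue  # some other source domain
        fields = dict(FIELD_RE.findall(line))
        obj = fields.get("path") or fields.get("name", "?")
        entry = found.setdefault(selinux_type(m["tcontext"]),
                                 {"perms": set(), "objects": set()})
        entry["perms"].update(m["perms"].split())
        entry["objects"].add(obj)
    return {t: {k: sorted(v) for k, v in e.items()} for t, e in found.items()}


if __name__ == "__main__":
    print(symlink_denials(SAMPLE_AUDIT))
```

On a real node, feed the function the text of the audit log instead of SAMPLE_AUDIT; an empty result after the errata is applied indicates the symlink denials are gone.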