Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-131723

Add files in /usr/share/*/bin/* to trust db

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • rhel-10.2
    • rhel-8.10, rhel-10.1, rhel-9.7
    • fapolicyd
    • fapolicyd-1.4.3-1.el10
    • None
    • Low
    • rhel-security-selinux
    • 1
    • 22
    • 2
    • QE ack
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • SELINUX 260128: 17
    • Bug Fix
    • Hide
      Cause:

      Binaries placed in /usr/share/*bin/ directories were not added to trusted database

      Consequence:

      These binaries were not possible to execute with trust=1 rules
      Fix:

      /usr/share/*/bin/* was added to the fapolicyd-filter.conf

      Result:

      Binaries are trusted now.
      Show
      Cause: Binaries placed in /usr/share/*bin/ directories were not added to trusted database Consequence: These binaries were not possible to execute with trust=1 rules Fix: /usr/share/*/bin/* was added to the fapolicyd-filter.conf Result: Binaries are trusted now.
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      Some binaries are shipped in /usr/share//bin/, see Upstream PR #385.
      Without updating the filter, it becomes not possible to execute certain binaries and actually it's hard to tell what is wrong because the binary appears as "untrusted" despite it comes from a RPM.

      Please backport the PR once merged Upstream.

              rhn-engineering-plautrba Petr Lautrbach
              rhn-support-rmetrich Renaud Métrich
              Petr Lautrbach Petr Lautrbach
              Milos Malik Milos Malik
              Mirek Jahoda Mirek Jahoda
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: