Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: fapolicyd
Labels:
- MigratedToJIRA
- Triaged

Regression:
None
Severity:
Moderate

AssignedTeam:
rhel-security-special-projects

Story Points:
None
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Release Note Type:
If docs needed, set a value

Experience:
Bugzilla Bug:
RHBZ: 1903549

PX Impact Score:
PX Priority Data:
PX Review Complete:
PX Scheduling Request:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:

The default policy contains 2 rules to allow Ansible automation:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
9 allow perm=any uid=0 : dir=/tmp/ansible
10 allow perm=any uid=0 : dir=/root/.ansible/tmp/
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

These rules however do not apply to automation executing as a regular user or service account.

Version-Release number of selected component (if applicable):

fapolicyd-1.0-3.el8_3.3.x86_64

external trackers

Red Hat Customer Portal 02780162

Red Hat Customer Portal 03085628

Red Hat Issue Tracker RHELPLAN-60861

Red Hat Issue Tracker SECENGSP-3387

Assignee:: Radovan Sroka (Inactive)

Reporter:: Renaud Métrich

Developer:: Radovan Sroka (Inactive)

QA Contact:: SSG Security QE

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2023/08/16 2:50 PM

Updated:: 2025/12/03 12:43 AM

Resolved:: 2025/04/01 8:29 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates