Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-20352

rhc sets itself as `permissive -a rhcd_t`as custom policy, although it's the default

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Undefined Undefined
    • None
    • rhel-9.4
    • rhc
    • None
    • None
    • rhel-sst-insights
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • None

      The most recent RHEL 9.4 nightly cloud images added the "rhc" package, see https://github.com/cockpit-project/bots/pull/5724 . This package modifies the local SELinux policy, so that it appears as admin customization:

      # semanage export
[...]
permissive -a rhcd_t

      This is really ugly – this is supposed to be a tool for the administrator to customize the default policy, and see what they changed. Distribution packages are not supposed to use this facility – that should be part of selinux-policy instead.

      This will break running semanage permissive -D, which is part of the standard "reset SELinux policy customizations to distro default" recipe (e.g. in Ansible).

      Please provide the package NVR for which bug is seen:

      rhc-0.2.4-3.el9_3.x86_64

      How reproducible:

      Always

              csi-client-tools-bugs CSI Client Tools Bugs Bot
              rhn-engineering-mpitt Martin Pitt
              CSI Client Tools Bugs Bot CSI Client Tools Bugs Bot
              CSI Client Tools Bugs Bot CSI Client Tools Bugs Bot
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: