Bug
Resolution: Done-Errata
rhel-9.4
selinux-policy-38.1.37-1.el9
Summary:
bootupd is a daemon with a remote command line interface (bootupctl). It listens on /run/bootupd.sock. Although it does not expose any privilege-escalating command, it is currently only exposed to root as a precaution, so it should probably only be reachable from the sysadm/staff domains.
It requires privileges to remount /boot read-write when needed and to update the content of /boot with files from /usr/lib/bootupd/updates/.
$ ls -alhZ /usr/lib/bootupd/updates/
total 4.0K
drwxr-xr-x. 3 root root system_u:object_r:lib_t:s0 33 Jan 1 1970 .
...
It also reads:
$ ls -alhZ /sysroot/.coreos-aleph-version.json
-rw-r--r--. 1 root root system_u:object_r:root_t:s0 195 Oct 14 02:07 /sysroot/.coreos-aleph-version.json
Refer to https://bugzilla.redhat.com/show_bug.cgi?id=2044508 for further details.
The service was confined in Fedora in https://github.com/fedora-selinux/selinux-policy/pull/1598, with one subsequent fix. There is a test available:
/CoreOS/selinux-policy/Regression/bootupd-and-similar
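As an added example (not part of the bug report or of the selinux-policy project), a small check that parses `ls -alhZ` output such as the listings above and flags entries whose SELinux type or ownership differ from the labels the report shows for bootupd's inputs. The sample lines and the expected-type table are constructed from the listings quoted here; the mislabelled third entry is invented to exercise the check.

```python
import re

# Constructed sample modelled on the `ls -alhZ` output quoted in the report.
# The third entry is an invented, mislabelled file used to show what drift looks like.
SAMPLE_LS_Z = """\
total 4.0K
drwxr-xr-x. 3 root root system_u:object_r:lib_t:s0 33 Jan 1 1970 .
-rw-r--r--. 1 root root system_u:object_r:root_t:s0 195 Oct 14 02:07 /sysroot/.coreos-aleph-version.json
-rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 4096 Jan 1 1970 /usr/lib/bootupd/updates/stray.efi
"""

# Expected SELinux types per path, taken from the labels shown in the report.
EXPECTED_TYPES = {
    "/usr/lib/bootupd/updates": "lib_t",
    "/sysroot/.coreos-aleph-version.json": "root_t",
}

# Columns of `ls -lZ`: mode links user group context size month day time|year name
LS_Z_RE = re.compile(
    r"^(?P<mode>\S+)\s+\d+\s+(?P<user>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<context>\S+:\S+:\S+:\S+)\s+\S+\s+\S+\s+\S+\s+\S+\s+(?P<name>.+)$"
)


def parse_ls_z(text):
    """Return (name, user, group, selinux_type) tuples from `ls -lZ` style output.
    Lines that do not look like an entry (e.g. the 'total' header) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LS_Z_RE.match(line)
        if not m:
            continue
        # Context is user:role:type:level[:categories]; the type is always field 2.
        selinux_type = m.group("context").split(":")[2]
        entries.append((m.group("name"), m.group("user"), m.group("group"), selinux_type))
    return entries


def find_label_drift(entries, expected=EXPECTED_TYPES):
    """Report entries under a known path whose type or ownership is not what bootupd expects."""
    drift = []
    for name, user, group, selinux_type in entries:
        for prefix, want in expected.items():
            if name == prefix or name.startswith(prefix + "/"):
                if selinux_type != want:
                    drift.append((name, f"type {selinux_type}, expected {want}"))
                if (user, group) != ("root", "root"):
                    drift.append((name, f"owned by {user}:{group}, expected root:root"))
    return drift
```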
Links to: RHBA-2024:130707 selinux-policy bug fix and enhancement update