-
Bug
-
Resolution: Unresolved
-
Minor
-
rhel-9.3.0.z
-
None
-
Moderate
-
1
-
sst_security_selinux
-
ssg_security
-
3
-
QE ack
-
False
-
-
Yes
-
Red Hat Enterprise Linux
-
CY24Q2
-
-
None
-
Automated
-
Unspecified Release Note Type - Unknown
-
-
x86_64
-
None
What were you trying to do that didn't work?
the switcheroo-control process runs under "unconfined_service_t" label which means that the system can't pass the
CIS 9 - "1.6.1.6 Ensure no unconfined services exist (Automated)".
Please provide the package NVR for which bug is seen:
How reproducible:
always
Steps to reproduce
- Fresh install the RHEL9 with "Server with GUI".
- Switch the system to graphical.target via "systemctl set-default graphical.target"
- Check the process label via "ps -eZ|egrep 'unconfined_service_t'"
Expected results
the switcheroo-control process(es) are confined by SELinux, they do not run under the "unconfined_service_t" label
Actual results
# cat /etc/redhat-release Red Hat Enterprise Linux release 9.3 (Plow) # systemctl get-default graphical.target # ps -eZ|egrep 'unconfined_service_t' system_u:system_r:unconfined_service_t:s0 862 ? 00:00:00 power-profiles- system_u:system_r:unconfined_service_t:s0 865 ? 00:00:00 switcheroo-cont #
- is cloned by
-
RHEL-61117 [rhel-9] the power-profiles-daemon service runs under unconfined_service_t label
- Planning
- links to
- mentioned in
-
Page Loading...