• selinux-policy-38.1.41-1.el9
    • 1
    • rhel-sst-security-selinux
    • ssg_security
    • 22
    • QE ack
    • False
    • No
    • Red Hat Enterprise Linux
    • CY24Q2
    • The systemd-journald and systemd-random-seed processes do not trigger any SELinux denials during boot on a machine with an empty /var.

    • Pass
    • Unspecified Release Note Type - Unknown
    • None

      For image based updates we'd like to support having /var be empty.

      # rpm -q selinux-policy
      selinux-policy-38.1.33-1.el9.noarch
      # journalctl --grep=avc
      Mar 15 16:59:22 localhost kernel: audit: type=1400 audit(1710521962.366:4): avc:  denied  { create } for  pid=520 comm="systemd-random-" name="random-seed" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
      Mar 15 16:59:22 localhost kernel: audit: type=1400 audit(1710521962.366:5): avc:  denied  { write } for  pid=465 comm="systemd-journal" name="var" dev="vda4" ino=16908417 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0
      

              rhn-support-zpytela Zdenek Pytela
              walters@redhat.com Colin Walters
              Zdenek Pytela
              Milos Malik