Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: rhel-9.5
Affects Version/s: rhel-9.4
Component/s: selinux-policy
Labels:
- bootc
- ostree

Epic Link:
SELINUX-3400

Pool Team:

sst_security_selinux
Sub-System Group:

ssg_security

Internal Target Milestone:
14
ACKs Check:

QE ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Products:

Red Hat Enterprise Linux
Sprint:
CY24Q2

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

For image based updates we'd like to support having /var be empty.

# rpm -q selinux-policy
selinux-policy-38.1.33-1.el9.noarch
# journalctl --grep=avc
Mar 15 16:59:22 localhost kernel: audit: type=1400 audit(1710521962.366:4): avc:  denied  { create } for  pid=520 comm="systemd-random-" name="random-seed" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
Mar 15 16:59:22 localhost kernel: audit: type=1400 audit(1710521962.366:5): avc:  denied  { write } for  pid=465 comm="systemd-journal" name="var" dev="vda4" ino=16908417 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0

Assignee:: Zdenek Pytela

Reporter:: Colin Walters

Developer:: Zdenek Pytela

QA Contact:: Milos Malik

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/03/15 5:07 PM

Updated:: 2024/05/07 9:38 PM

Target end:: 2024/06/03

Details

Description

Attachments

Activity

People

Dates

Hide