RHEL-43529

fips-mode-setup --check is only allowed for root

    • Bug
    • Resolution: Won't Do
    • Undefined
    • rhel-10.0.beta
    • crypto-policies
    • rhel-sst-security-crypto
    • ssg_security
    • False
    • Red Hat Enterprise Linux
    • AC1) Non-root user can run fips-mode-setup --check successfully, FIPS mode is reported.
    • Enabled
    • Automated

      What were you trying to do that didn't work?

      In RHEL-9 we didn't allow enabling or disabling FIPS mode by the fips-mode-setup tool by non-root users, but we allowed checking the state of FIPS mode. On RHEL-10 not even the check is allowed. This is a regression when compared to RHEL-9.

      Please provide the package NVR for which bug is seen:

      crypto-policies-20240522-1.git77963ab.el10

      How reproducible:

      100%

      Steps to reproduce

      # useradd testuser
      # su -c 'fips-mode-setup --check' -- testuser
      

      Expected results

      Passes as follows:

      FIPS mode is disabled.
      Initramfs fips module is disabled.
      The current crypto policy (DEFAULT) neither is the FIPS policy nor is based on the FIPS policy.
      

      Actual results

      Fails as follows:

      You must be root to run fips-mode-setup
      

              asosedki@redhat.com Alexander Sosedkin
              omoris Ondrej Moris