RHEL-5032

policycoreutils-restorecond sets incorrect SELinux context for D-Bus daemons

    • selinux-policy-38.1.29-1.el9
    • sst_security_selinux
    • ssg_security
    • 16
    • QE ack
    • False
    • Yes
    • Red Hat Enterprise Linux
    • Even if the '/bin/*' line is present in the /etc/selinux/restorecond.conf file, the restorecond service does not mislabel files in the /usr/bin/ directory during its start.
    • Pass
    • Automated
    • Bug Fix
    • .`/bin = /usr/bin` file context equivalency rule added to SELinux policy

      Previously, the SELinux policy did not contain the `/bin = /usr/bin` file context equivalency rule. As a consequence, the `restorecond` daemon did not work correctly. This update adds the missing rule to the policy, and as a consequence, `restorecond` works correctly in SELinux enforcing mode.

      IMPORTANT:: This change overrides any local policy modules which use file context specification for a pattern in `/bin`.
    • Done

      Steps to reproduce

      1. Install policycoreutils-restorecond package
      2. Change its config file in /etc/selinux/restorecond.conf and add "/usr/*" line there
      3. Restart the restorecond service

      Expected results

      /usr/bin/dbus* files retain correct SELinux context

      Actual results

      SELinux context for /usr/bin/dbus* is changed to "system_u:object_r:bin_t:s0" which is not correct

            rhn-support-zpytela Zdenek Pytela
            ovalouse Ondrej Valousek
            Nikola Kňažeková Nikola Kňažeková (Inactive)
            Milos Malik Milos Malik
            Jan Fiala Jan Fiala
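
A post-update audit for the change described in the release note, as an added example that is not part of the original issue: `has_bin_equiv` checks that the distribution equivalency file carries the `/bin /usr/bin` rule, and `bin_specs` lists the local module `.fc` entries under `/bin` that the IMPORTANT note says are now overridden. The `file_contexts.subs_dist` path for the targeted policy and both function names are assumptions, not taken from the issue.

```shell
#!/bin/sh
# Added example: audit helpers for the `/bin = /usr/bin` equivalency change.
# Assumption: default location of the distribution equivalency file on a
# system running the targeted policy (the issue itself does not name it).
SUBS_DIST=/etc/selinux/targeted/contexts/files/file_contexts.subs_dist

# has_bin_equiv [FILE]
# Succeeds (exit 0) if FILE contains the equivalency line "/bin /usr/bin".
# Each line is "<alias> <target>"; blank lines and "#" comments are skipped.
# A missing or unreadable file counts as "rule not present".
has_bin_equiv() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        $1 == "/bin" && $2 == "/usr/bin" { found = 1 }
        END { exit !found }
    ' "${1:-$SUBS_DIST}" 2>/dev/null
}

# bin_specs FC_FILE...
# Prints "file:line: spec" for every file context specification in the given
# local policy module .fc sources whose path pattern is rooted at /bin.
# With the equivalency rule in place, lookups for /bin/... are resolved as
# /usr/bin/..., so these are the entries to move to /usr/bin patterns.
bin_specs() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        $1 == "/bin" || index($1, "/bin/") == 1 || index($1, "/bin(") == 1 {
            printf "%s:%d: %s\n", FILENAME, FNR, $0
        }
    ' "$@"
}
```

On a live system, `matchpathcon -V /usr/bin/dbus*` then compares each file's on-disk label with the label the policy expects.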