-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-9.3.0.z
-
None
-
Moderate
-
1
-
sst_security_selinux
-
ssg_security
-
20
-
3
-
QE ack
-
False
-
-
Yes
-
Red Hat Enterprise Linux
-
SELINUX 241106 - 241127
-
-
None
-
Automated
-
Unspecified Release Note Type - Unknown
-
-
x86_64
-
None
What were you trying to do that didn't work?
the power-profiles-daemon process runs under the "unconfined_service_t" label which means that the system can't pass the CIS 9 - "1.6.1.6 Ensure no unconfined services exist (Automated)".
Please provide the package NVR for which bug is seen:
How reproducible:
always
Steps to reproduce
- Fresh install the RHEL9 with "Server with GUI".
- Switch the system to graphical.target via "systemctl set-default graphical.target"
- Check the process label via "ps -eZ|egrep 'unconfined_service_t'"
Expected results
the power-profiles-daemon process(es) are confined by SELinux, they do not run under the "unconfined_service_t" label
Actual results
# cat /etc/redhat-release Red Hat Enterprise Linux release 9.3 (Plow) # systemctl get-default graphical.target # ps -eZ|egrep 'unconfined_service_t' system_u:system_r:unconfined_service_t:s0 862 ? 00:00:00 power-profiles- system_u:system_r:unconfined_service_t:s0 865 ? 00:00:00 switcheroo-cont #
- clones
-
RHEL-24268 the switcheroo-control service runs under unconfined_service_t label
- Planning
- is cloned by
-
RHEL-62356 [rhel-10] the power-profiles-daemon service runs under unconfined_service_t label
- Planning
- links to
- mentioned in
-
Page Loading...
(1 mentioned in)