RHEL-61885: pmlogger_farm_check.service runs as unconfined_service_t

    • Bug
    • Resolution: Unresolved
    • Normal
    • rhel-9.6
    • rhel-9.4
    • pcp
    • None
    • pcp-6.3.2-1.el9
    • No
    • Moderate
    • 2
    • rhel-sst-pt-pcp
    • ssg_platform_tools
    • 2
    • QE ack, Dev ack
    • False
    • No
    • Red Hat Enterprise Linux
    • PCP Sprint 12, PCP Sprint 13
    • Unspecified Release Note Type - Unknown
    • None

      What were you trying to do that didn't work?

      The pmlogger_farm_check.service unit executes /usr/bin/pmlogctl as ExecStart command.
      Because /usr/bin/pmlogctl is labeled with bin_t, this makes the service execute as unconfined_service_t, which breaks STIG compliance.

      I believe the solution is to label the binary similarly to /usr/bin/pmlogger, hence pcp_pmlogger_exec_t.

      What is the impact of this issue to you?

      Breaks STIG compliance

      Please provide the package NVR for which the bug is seen:

      pcp-6.2.0-5.el9_4

      How reproducible is this bug?:

      Always, just start the service manually

              nathans@redhat.com Nathan Scott
              rhn-support-rmetrich Renaud Métrich
              pcp-maint
              Jan Kurik
              Lenka Špačková
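
The condition described in this report can be audited for any unit by comparing the SELinux type of its ExecStart binary against bin_t. The script below is an added example, not part of the original issue or of PCP; the function names, `hypothetical.service` and the `s0` level in the sample records are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the report): flag units whose ExecStart binary is
# labelled bin_t, the condition described for pmlogger_farm_check.service.
TAB=$(printf '\t')

# Type is the third field of an SELinux context (user:role:type:level).
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Extract the executable from `systemctl show -p ExecStart --value UNIT`,
# whose output has the form: { path=/usr/bin/foo ; argv[]=/usr/bin/foo ; ... }
execstart_path() {
    printf '%s\n' "$1" | sed -n 's/^{ path=\([^ ]*\) ;.*/\1/p' | head -n 1
}

# Read "unit<TAB>path<TAB>context" records on stdin and print those whose
# entrypoint type is bin_t. Returns 1 when at least one unit is flagged.
audit_records() {
    rc=0
    while IFS="$TAB" read -r unit path ctx; do
        [ -n "$unit" ] || continue
        if [ "$(selinux_type "$ctx")" = "bin_t" ]; then
            printf '%s\t%s\tbin_t (runs as unconfined_service_t)\n' "$unit" "$path"
            rc=1
        fi
    done
    return "$rc"
}

# Live collection on an SELinux-enabled host; pipe the result to audit_records.
collect_records() {
    for unit in "$@"; do
        path=$(execstart_path "$(systemctl show -p ExecStart --value "$unit")")
        [ -n "$path" ] || continue
        printf '%s\t%s\t%s\n' "$unit" "$path" "$(stat -c %C "$path")"
    done
}

# Constructed sample: labels as named in the report; hypothetical.service and
# the s0 level are assumptions made for illustration.
sample_records() {
    printf '%s\t%s\t%s\n' \
        pmlogger_farm_check.service /usr/bin/pmlogctl system_u:object_r:bin_t:s0 \
        hypothetical.service /usr/bin/pmlogger system_u:object_r:pcp_pmlogger_exec_t:s0
}

sample_records | audit_records || true
```

On a live host, `collect_records pmlogger_farm_check.service | audit_records` performs the same check against the installed labels.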