Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-62354

[rhel-10] label /dev/sgx* devices

XMLWordPrintable

    • selinux-policy-40.13.10-1.el10
    • No
    • Important
    • FutureFeature
    • 1
    • rhel-sst-security-selinux
    • ssg_security
    • 9
    • 1
    • QE ack
    • False
    • Hide

      None

      Show
      None
    • No
    • Red Hat Enterprise Linux
    • SELINUX 241016 - 241106
    • Hide

      SELinux policy defines specific labels, different from device_t, for the /dev/sgx* devices.

      Show
      SELinux policy defines specific labels, different from device_t, for the /dev/sgx* devices.
    • Pass
    • Automated
    • Unspecified Release Note Type - Unknown
    • None

      What were you trying to do that didn't work?

      No SELinux label for /dev/sgx* devices.

      Please provide the package NVR for which bug is seen:

      selinux-policy-38.1.35-2.el9_4.2.noarch
      selinux-policy-targeted-38.1.35-2.el9_4.2.noarch

      How reproducible:

      Always.

      Steps to reproduce

      1. Install RHEL9.4 on a system whose CPU with sgx support.
      2. Run the command `find /dev -context :device_t: ( -type c -o -type b ) -printf "%p %Z\n"` as root

      Expected results

      All devices should be properly labeled.

      Actual results

      Get the following result:
      /dev/sgx_vepc system_u:object_r:device_t:s0
      /dev/sgx_provision system_u:object_r:device_t:s0

              rhn-support-zpytela Zdenek Pytela
              rhn-support-qguo Qi Guo
              Zdenek Pytela Zdenek Pytela
              Milos Malik Milos Malik
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: