Bug
Resolution: Unresolved
Minor
rhel-10.0
rhel-security-selinux
ssg_security
What were you trying to do that didn't work?
When a RHEL user wants to list SELinux contexts on the system, they are required to be root. However, there is nothing secret in this data.
Please provide the package NVR for which bug is seen:
policycoreutils-3.7-3.el10.x86_64
How reproducible:
Always
Expected results
$ id -u
1000
$ semanage fcontext -l
SELinux fcontext            type            Context

/                           directory       system_u:object_r:root_t:s0
/.*                         all files       system_u:object_r:default_t:s0
/[^/]+                      regular file    system_u:object_r:etc_runtime_t:s0
/\.autofsck                 regular file    system_u:object_r:etc_runtime_t:s0
/\.autorelabel              regular file    system_u:object_r:etc_runtime_t:s0
/\.ismount-test-file        regular file    system_u:object_r:sosreport_tmp_t:s0
/\.journal                  all files       <<None>>
/\.snapshots(/.*)?          all files       system_u:object_r:snapperd_data_t:s0
/\.suspended                regular file    system_u:object_r:etc_runtime_t:s0
/a?quota\.(user|group)      regular file    system_u:object_r:quota_db_t:s0
...
Actual results
$ id -u
1000
$ semanage fcontext -l
ValueError: SELinux policy is not managed or store cannot be accessed.
$
I believe it's worth investigating this and finding a solution which makes it possible to list file contexts without root privileges. It could help tools such as udica to get SELinux contexts without the need to run these tools as root.
Clones: RHEL-4735 [rhel-9] listing of SELinux contexts requires root permissions
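Added example, not part of the original report and not policycoreutils code: a sketch of producing the same three-column listing by parsing a file in file_contexts(5) syntax directly instead of going through the policy store. The path in DEFAULT_PATH and its readability by unprivileged users are assumptions, the function names are hypothetical, and the sample input is constructed from the expected output above; local customizations kept in separate files are not covered.

```python
# File-type flags from file_contexts(5) mapped to the labels semanage prints.
FILE_TYPES = {
    None: "all files", "--": "regular file", "-d": "directory",
    "-c": "character device", "-b": "block device", "-s": "socket",
    "-l": "symbolic link", "-p": "named pipe",
}
# Assumed path for the targeted policy; not taken from the report.
DEFAULT_PATH = "/etc/selinux/targeted/contexts/files/file_contexts"
# Constructed sample in file_contexts syntax, modelled on the expected output.
SAMPLE = r"""
# comment lines and blank lines are skipped
/            -d   system_u:object_r:root_t:s0
/.*               system_u:object_r:default_t:s0
/[^/]+       --   system_u:object_r:etc_runtime_t:s0
/\.journal        <<none>>
"""

def parse_file_contexts(text):
    """Return (regex, file type label, context) tuples from file_contexts text."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 2:        # no flag: the spec applies to all file types
            pattern, flag, context = fields[0], None, fields[1]
        elif len(fields) == 3:
            pattern, flag, context = fields
        else:
            raise ValueError(f"line {lineno}: expected 2 or 3 fields: {raw!r}")
        if flag not in FILE_TYPES:
            raise ValueError(f"line {lineno}: unknown file type flag {flag!r}")
        if context == "<<none>>":   # "do not label"; semanage shows <<None>>
            context = "<<None>>"
        entries.append((pattern, FILE_TYPES[flag], context))
    return entries

def format_listing(entries):
    """Render entries as a three-column table with a header row."""
    rows = [("SELinux fcontext", "type", "Context")] + entries
    width = max(len(r[0]) for r in rows) + 2
    return "\n".join(f"{p:<{width}}{t:<19}{c}" for p, t, c in rows)

if __name__ == "__main__":
    try:
        with open(DEFAULT_PATH, encoding="utf-8") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # file absent or unreadable: fall back to the sample
    print(format_listing(parse_file_contexts(text)))
```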