- Bug
- Resolution: Done-Errata
- Normal
- CentOS Stream 9
- None
- selinux-policy-38.1.52-1.el9
- No
- Moderate
- 1
- rhel-security-selinux
- ssg_security
- 25
- 2
- False
- False
- No
- SELINUX 250219: 2
- Pass
- Automated
- Release Note Not Required
- None
What were you trying to do that didn't work?
Running the `bootupctl adopt-and-update` command failed after removing /boot/bootupd-state.json
What is the impact of this issue to you?
Please provide the package NVR for which the bug is seen:
selinux-policy-38.1.49-1.el9.noarch
How reproducible is this bug?:
100%
Steps to reproduce
1. Start scos vm, run command:
```
# mount -o remount,rw /boot
# rm /boot/bootupd-state.json
# bootupctl adopt-and-update
error: internal error: Failed to find ESP device
```
2. Check avc logs
Expected results
`bootupctl adopt-and-update` runs successfully without error.
Actual results
```
# ausearch -m avc
----
time->Wed Dec 11 07:01:14 2024
type=PROCTITLE msg=audit(1733900474.936:105): proctitle=2F7573722F6C6962657865632F626F6F74757064006461656D6F6E002D76
type=SYSCALL msg=audit(1733900474.936:105): arch=c000003e syscall=332 success=no exit=-13 a0=ffffff9c a1=7ffdf36317b0 a2=0 a3=fff items=0 ppid=1 pid=2066 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="bootupd" exe="/usr/libexec/bootupd" subj=system_u:system_r:bootupd_t:s0 key=(null)
type=AVC msg=audit(1733900474.936:105): avc: denied { getattr } for pid=2066 comm="bootupd" path="/dev/vda2" dev="devtmpfs" ino=502 scontext=system_u:system_r:bootupd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0
```
For the related issue, see https://issues.redhat.com/browse/RHEL-66584
- is cloned by
  - RHEL-86588 bootupctl adopt failed
  - Release Pending
- links to
  - RHBA-2024:139849 selinux-policy bug fix and enhancement update
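The three audit records in the report describe one event, and reading them together shows which process was blocked, on what object, and with which error. As an added example (not part of the original report or of selinux-policy), the Python below joins the PROCTITLE, SYSCALL and AVC records by event serial and decodes the hex-encoded command line; the function names are hypothetical and the sample is the report's own records split one per line.

```python
import errno
import re
from collections import defaultdict
# Audit records copied from the report above (one event, serial 105), one per line.
SAMPLE = """\
type=PROCTITLE msg=audit(1733900474.936:105): proctitle=2F7573722F6C6962657865632F626F6F74757064006461656D6F6E002D76
type=SYSCALL msg=audit(1733900474.936:105): arch=c000003e syscall=332 success=no exit=-13 a0=ffffff9c a1=7ffdf36317b0 a2=0 a3=fff items=0 ppid=1 pid=2066 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="bootupd" exe="/usr/libexec/bootupd" subj=system_u:system_r:bootupd_t:s0 key=(null)
type=AVC msg=audit(1733900474.936:105): avc: denied { getattr } for pid=2066 comm="bootupd" path="/dev/vda2" dev="devtmpfs" ino=502 scontext=system_u:system_r:bootupd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=0
"""
HEADER = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")

def decode_proctitle(value):
    """auditd hex-encodes argv (NUL-separated); simple values arrive quoted."""
    if value.startswith('"'):
        return value.strip('"')
    return bytes.fromhex(value).replace(b"\x00", b" ").decode("utf-8", "replace")

def summarize_denials(log_text):
    """Join PROCTITLE/SYSCALL/AVC records by event serial; one dict per denial."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip '----' separators and 'time->' lines from ausearch
        rtype, serial, rest = m.groups()
        fields = dict(FIELD.findall(rest))
        if rtype == "AVC":
            fields["perms"] = " ".join(PERMS.findall(rest)).split()
        events[serial][rtype] = fields
    out = []
    for serial, recs in events.items():
        avc = recs.get("AVC")
        if not avc or not avc["perms"]:
            continue
        title = recs.get("PROCTITLE", {}).get("proctitle")
        out.append({
            "serial": int(serial),
            "cmdline": decode_proctitle(title) if title else None,
            # A negative syscall exit is -errno; 0 or positive maps to None.
            "errno": errno.errorcode.get(-int(recs.get("SYSCALL", {}).get("exit", 0))),
            "source_type": avc["scontext"].split(":")[2],
            "target_type": avc["tcontext"].split(":")[2],
            "tclass": avc["tclass"],
            "perms": avc["perms"],
            "path": avc.get("path", "").strip('"'),
            "enforced": avc.get("permissive") == "0",
        })
    return out
```

`summarize_denials(SAMPLE)` shows that the `bootupd daemon -v` process in `bootupd_t` was refused `getattr` on the block device `/dev/vda2`, labelled `fixed_disk_device_t`, in enforcing mode.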