  1. RHEL
  2. RHEL-78826

rhcd runs as unconfined_service_t, breaking CIS L1 rule "1.5.1.6 Ensure no unconfined services exist"


    • Bug
    • Resolution: Unresolved
    • rhel-8.10
    • rhc
    • Low
    • subs-client-tools
    • Red Hat Enterprise Linux

      What were you trying to do that didn't work?

      /usr/sbin/rhcd has the bin_t context on RHEL8, which makes it run as unconfined_service_t, which is prohibited when applying the CIS L1 profile.
      RHEL9 got fixed.

      What is the impact of this issue to you?

      Compliance issue

      Please provide the package NVR for which the bug is seen:

      rhc-0.2.5-1.el8_10
      selinux-policy-3.14.3-139.el8_10.1

      How reproducible is this bug?:

      Always, just start the service

              csi-client-tools-bugs CSI Client Tools Bugs Bot
              rhn-support-rmetrich Renaud Métrich
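
The audit behind the CIS rule named in the title looks for processes running in the `unconfined_service_t` domain. The script below is an added example, not part of the original report or of the rhc project: it parses `ps -eZ` and `ls -Z` style output to show the finding described above. The sample process listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ps -eZ` output (not captured from a real host).
sample_ps() {
cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:02 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 912 ? 00:00:00 sshd
system_u:system_r:unconfined_service_t:s0 1433 ? 00:00:00 rhcd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2101 pts/0 00:00:00 bash
EOF
}

# Read `ps -eZ` formatted text on stdin and print "PID CMD" for every
# process whose SELinux type is exactly unconfined_service_t.
# Matching on the third context field avoids false hits on unconfined_t
# login shells, which the rule does not cover.
find_unconfined_services() {
    awk 'NR > 1 {
        split($1, ctx, ":")          # user:role:type:level
        if (ctx[3] == "unconfined_service_t") print $2, $NF
    }'
}

# Extract the SELinux type from one line of `ls -Z` output
# ("context path"), e.g. to confirm the executable is labelled bin_t.
file_type_of() {
    printf '%s\n' "$1" | awk '{ split($1, ctx, ":"); print ctx[3] }'
}

# Demo on the constructed sample; on a live host use:
#   ps -eZ | find_unconfined_services
#   file_type_of "$(ls -Z /usr/sbin/rhcd)"
sample_ps | find_unconfined_services
file_type_of 'system_u:object_r:bin_t:s0 /usr/sbin/rhcd'
```

An empty result from `find_unconfined_services` is what the CIS rule expects; any line it prints is a service running without a dedicated SELinux domain.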