Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-10.1
Affects Version/s: None
Component/s: setroubleshoot
Labels:
- rn-yml

Fixed in Build:
setroubleshoot-3.3.35-3.el10
Regression:
No
Severity:
Moderate
Epic Link:
SELINUX-3820
sprint_count:
1

AssignedTeam:
rhel-security-selinux
Sub-System Group:

ssg_security

Internal Target Milestone:
13
Story Points:
2
ACKs Check:

QE ack
Target Version:

rhel-10.1
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
SELINUX 250604: 7

Acceptance Criteria:

Hide

The setroubleshoot packages no longer depend on initscripts.

Show
The setroubleshoot packages no longer depend on initscripts.
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/147215
Test Coverage:

Automated

Release Note Type:
Enhancement
Release Note Text:

Hide
.`setroubleshoot-server` no longer requires initscripts

Before this update, the `%post` and `%postun` scriptlets for the `setroubleshoot-server` SELinux diagnostic tool called `/sbin/service`. With this update, the scriptlets now directly call `auditctl` for reloading the `auditd` service, and bypass the use of `/sbin/service`. This enhancement simplifies the dependency structure and streamlines the execution of the scriptlets.

Show
.`setroubleshoot-server` no longer requires initscripts Before this update, the `%post` and `%postun` scriptlets for the `setroubleshoot-server` SELinux diagnostic tool called `/sbin/service`. With this update, the scriptlets now directly call `auditctl` for reloading the `auditd` service, and bypass the use of `/sbin/service`. This enhancement simplifies the dependency structure and streamlines the execution of the scriptlets.
Release Note Status:
Done
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:
Bugzilla Bug:
RHBZ: 2365614

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

0) commit ea0d9634 ("Update scriptlets to reload auditd service") made the %post and %postun scriptlets for setroubleshoot-server call /sbin/service.

1) commit 2c88c3ce ("Require initscripts-service - /sbin/service") added a dependency on /sbin/service in setroubleshoot.spec.

2) However, if my reading of /sbin/service is correct, calling
/sbin/service auditd reload

is currently equivalent to calling
/bin/systemctl reload auditd.service

This suggests that the scriptlets could call systemctl directly and that the dependency on /sbin/service could be dropped.

3) I'm happy to open a pull-request for the trivial change to accomplish this. But I don't have setroubleshoot-server installed and have no clue how to test this change. So that pull request will be of little value.

links to

RHBA-2025:147215 setroubleshoot bug fix and enhancement update

TCMS Test Case 619234

Assignee:: Petr Lautrbach

Reporter:: RH Bugzilla Integration

Developer:: Unassigned

QA Contact:: Milos Malik

Doc Contact:: Jan Fiala

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2025/05/12 6:21 PM

Updated:: 2025/09/25 3:22 PM

Target end:: 2025/05/26

Next Planned Release Date:: 2025/11/11

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide