Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-95750

The /etc/redis.conf should be labeled with redis_conf_t.

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • No
    • Low
    • rhel-se-security
    • ssg_security
    • 3
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      The redis-server is unable to update the /etc/redis.conf file. Seeing lots of messages `type=AVC msg=audit() : avc:  denied  { write } for  pid=xxxx comm=redis-server name=redis.conf dev="<dev>" ino=xxxx scontext=system_u:system_r:redis_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file permissive=0 `.

      What is the impact of this issue to you?

      The redis-server may not work properly.

      Please provide the package NVR for which the bug is seen:

      redis-6.2.18-1.module+el8.10.0+23050+05ea4e95.x86_64

      selinux-policy-targeted-3.14.3-139.el8_10.1.noarch

      How reproducible is this bug?:

      Always.

      Steps to reproduce

      1. Fresh install RHEL8 and redis6 module.
      2. Configure a redis cluster.
      3. The SELinux is in enforcing mode.

      Expected results

      No AVC messages related to the redis-server when it's working.

      Actual results

      Lots of AVC messages.

              rhn-support-npatwa Nikita Patwa
              rhn-support-qguo Qi Guo
              Zdenek Pytela Zdenek Pytela
              se-security se-security se-security se-security
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: