Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-9947

Users mapped to sysadm_u cannot execute `sudo traceroute` command

XMLWordPrintable

    • selinux-policy-3.14.3-133.el8
    • Major
    • sst_security_selinux
    • ssg_security
    • 20
    • None
    • QE ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Hide

      Confined users that are based on sysadm_r can successfully execute the traceroute command in enforcing mode. The traceroute command works as expected and does not trigger any SELinux denials.

      Show
      Confined users that are based on sysadm_r can successfully execute the traceroute command in enforcing mode. The traceroute command works as expected and does not trigger any SELinux denials.
    • Pass
    • Automated
    • Release Note Not Required
    • Included in RHEL-15398
    • None

      What were you trying to do that didn't work?

      This is a consequence of not having wanted to fix BZ 1910077 again.

       Users mapped to sysadm_u cannot execute `sudo traceroute` command because `sysadm_sudo_t` context cannot execute `traceroute` command due to missing rule to transition.

      Please provide the package NVR for which bug is seen:

      selinux-policy

      How reproducible:

      Always

      Steps to reproduce

      1. Execute the command from confined sysadm
        {{}} 
        sudo traceroute -T google.com -p 80

        Expected results

        Works

        Actual results

        Fails

            rhn-support-zpytela Zdenek Pytela
            rhn-support-rmetrich Renaud Métrich
            Nikola Kňažeková Nikola Kňažeková (Inactive)
            Milos Malik Milos Malik
            Jan Fiala Jan Fiala
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: