Bug ID | 1206570 |
---|---|
Summary | [SELinux] rebootmgr: new features needs bash execution |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | MicroOS |
Assignee | kubic-bugs@opensuse.org |
Reporter | kukuk@suse.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
rebootmgr get's a new feature: make the reboot command configureable, so that we could use kexec, too (https://github.com/SUSE/rebootmgr/issues/13) This requires that the policy for rebootmgr allows to execute a shell: type=AVC msg=audit(1671572322.755:93): avc: denied { execute } for pid=1445 comm="rebootmgrd" name="bash" dev="vda2" ino=43372 scontext=system_u:system_r:rebootmgr_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=0