https://bugzilla.suse.com/show_bug.cgi?id=1217530 Bug ID: 1217530 Summary: [SELinux] support /bin/alts in the policy Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: cathy.hu@suse.com QA Contact: security-team@suse.de Target Milestone: --- Found By: --- Blocker: --- a lot of binaries symlink to /bin/alts, which is an alternative to update-alternatives, see: https://github.com/openSUSE/libalternatives https://manpages.opensuse.org/Tumbleweed/alts/alts.1.en.html this causes issues like e.g. bsc#1216903 because: ``` $ ls -Zal /usr/sbin/iptables lrwxrwxrwx. 1 root root system_u:object_r:bin_t:s0 11 Oct 24 20:13 /usr/sbin/iptables -> ../bin/alts* ``` /sbin/iptables should be labeled iptables_exec_t to work properly, but /bin/alts should not so we need to adjust the policy to support that -- You are receiving this mail because: You are on the CC list for the bug.