| Bug ID | 1217530 |
|---|---|
| Summary | [SELinux] support /bin/alts in the policy |
| Classification | openSUSE |
| Product | openSUSE Tumbleweed |
| Version | Current |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | cathy.hu@suse.com |
| QA Contact | security-team@suse.de |
| Target Milestone | --- |
| Found By | --- |
| Blocker | --- |
a lot of binaries symlink to /bin/alts, which is an alternative to update-alternatives, see: https://github.com/openSUSE/libalternatives https://manpages.opensuse.org/Tumbleweed/alts/alts.1.en.html this causes issues like e.g. bsc#1216903 because: ``` $ ls -Zal /usr/sbin/iptables lrwxrwxrwx. 1 root root system_u:object_r:bin_t:s0 11 Oct 24 20:13 /usr/sbin/iptables -> ../bin/alts* ``` /sbin/iptables should be labeled iptables_exec_t to work properly, but /bin/alts should not so we need to adjust the policy to support that