[Bug 1206570] New: [SELinux] rebootmgr: new features needs bash execution
https://bugzilla.suse.com/show_bug.cgi?id=1206570

            Bug ID: 1206570
           Summary: [SELinux] rebootmgr: new features needs bash execution
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: MicroOS
          Assignee: kubic-bugs@opensuse.org
          Reporter: kukuk@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

rebootmgr gets a new feature: make the reboot command configurable, so that we could use kexec, too (https://github.com/SUSE/rebootmgr/issues/13)

This requires that the policy for rebootmgr allows to execute a shell:

type=AVC msg=audit(1671572322.755:93): avc: denied { execute } for pid=1445 comm="rebootmgrd" name="bash" dev="vda2" ino=43372 scontext=system_u:system_r:rebootmgr_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=0

--
You are receiving this mail because:
You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1206570
https://bugzilla.suse.com/show_bug.cgi?id=1206570#c1

Johannes Segitz <jsegitz@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jsegitz@suse.com

--- Comment #1 from Johannes Segitz <jsegitz@suse.com> ---
Something along the line of
corecmd_exec_bin(rebootmgr_t)
corecmd_exec_shell(rebootmgr_t)

but I think we should not run the command in a shell environment. Will comment in the PR
https://bugzilla.suse.com/show_bug.cgi?id=1206570

Johannes Segitz <jsegitz@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|kubic-bugs@opensuse.org     |jsegitz@suse.com
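Added example, not part of the original thread and not code from rebootmgr or the SELinux policy: a small triage script that parses AVC denials like the one in the report and shows, per source/target/class, the raw allow rule the denial implies and, where one applies, the interface named in comment #1. The function names, the INTERFACES mapping of target types to those two interfaces, and the second log line are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: the denial quoted in the report, plus one made-up
# non-AVC audit record to show that unrelated lines are skipped.
SAMPLE_LOG = (
    'type=AVC msg=audit(1671572322.755:93): avc: denied { execute } for '
    'pid=1445 comm="rebootmgrd" name="bash" dev="vda2" ino=43372 '
    'scontext=system_u:system_r:rebootmgr_t:s0 '
    'tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=0\n'
    'type=SYSCALL msg=audit(1671572322.755:93): syscall=59 success=no\n'
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption: target types served by the two interfaces named in comment #1.
INTERFACES = {"shell_exec_t": "corecmd_exec_shell", "bin_t": "corecmd_exec_bin"}

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; policy rules use only the type.
    rec["source"] = rec["scontext"].split(":")[2]
    rec["target"] = rec["tcontext"].split(":")[2]
    return rec

def review(log):
    """Group denials by (source, target, class); emit one rule or interface each."""
    grouped = defaultdict(set)
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec:
            grouped[rec["source"], rec["target"], rec["tclass"]].update(rec["perms"])
    out = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        rule = f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        iface = INTERFACES.get(tgt) if cls == "file" and "execute" in perms else None
        out.append({"rule": rule, "interface": f"{iface}({src})" if iface else None})
    return out

if __name__ == "__main__":
    for item in review(SAMPLE_LOG):
        print(item["rule"], "->", item["interface"] or "no interface mapped")
```

A shell_exec_t target in the output is the cue for the review question raised in comment #1: whether the daemon needs a shell at all, or could run the configured command directly.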