Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.4
Affects Version/s: rhel-9.2.0
Component/s: policycoreutils
Labels:
None

Fixed in Build:
policycoreutils-3.6-1.el9
Epic Link:
SELINUX-3211

Pool Team:

sst_security_selinux
Sub-System Group:

ssg_security

Internal Target Milestone:
19
Story Points:
1
ACKs Check:

QE ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
CY23Q4

Acceptance Criteria:

Hide

The `sepolicy generate --application` command generates an appropriate .fc file which contains file context patterns for writable locations like /var/lib, /var/log, /run etc.

Show
The `sepolicy generate --application` command generates an appropriate .fc file which contains file context patterns for writable locations like /var/lib, /var/log, /run etc.
Preliminary Testing:
Pass
Errata Link:
https://errata.devel.redhat.com/advisory/123965
Gating Tests:

Enabled
Test Coverage:

Yes

Release Note Type:
Release Note Not Required

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

run https://src.fedoraproject.org/tests/selinux/blob/main/f/policycoreutils/sepolicy-generate-application

:: [ 06:18:58 ] :: [  BEGIN   ] :: Running 'mkdir policy'
:: [ 06:18:58 ] :: [   PASS   ] :: Command 'mkdir policy' (Expected 0, got 0)
:: [ 06:18:58 ] :: [  BEGIN   ] :: Running 'sepolicy generate -p policy --application /usr/bin/mysqld_safe'
nm: /usr/bin/mariadbd-safe: file format not recognized
Created the following files:
policy/mariadbd_safe.te # Type Enforcement file
policy/mariadbd_safe.if # Interface file
policy/mariadbd_safe.fc # File Contexts file
policy/mariadbd_safe_selinux.spec # Spec file
policy/mariadbd_safe.sh # Setup Script

:: [ 06:18:59 ] :: [   PASS   ] :: Command 'sepolicy generate -p policy --application /usr/bin/mysqld_safe' (Expected 0, got 0)
:: [ 06:18:59 ] :: [  BEGIN   ] :: Running 'cat policy/*fc'
/usr/bin/mariadbd-safe		--	gen_context(system_u:object_r:mariadbd_safe_exec_t,s0)
:: [ 06:18:59 ] :: [   PASS   ] :: Command 'cat policy/*fc' (Expected 0, got 0)
:: [ 06:18:59 ] :: [  BEGIN   ] :: Running 'grep /var/lib/mysql policy/*.fc'
:: [ 06:18:59 ] :: [   FAIL   ] :: Command 'grep /var/lib/mysql policy/*.fc' (Expected 0, got 1)
:: [ 06:18:59 ] :: [  BEGIN   ] :: Running 'grep /var/log/mariadb policy/*.fc'
:: [ 06:18:59 ] :: [   FAIL   ] :: Command 'grep /var/log/mariadb policy/*.fc' (Expected 0, got 1)
:: [ 06:18:59 ] :: [  BEGIN   ] :: Running 'rm -rf policy'
:: [ 06:18:59 ] :: [   PASS   ] :: Command 'rm -rf policy' (Expected 0, got 0)

fixed in Fedora - https://github.com/fedora-selinux/selinux/commit/d925b00da35384331df9bf31935398c37117f895

What were you trying to do that didn't work?

Please provide the package NVR for which bug is seen:

How reproducible:

Steps to reproduce

Expected results

Actual results

is cloned by

RHEL-17398 `sepolicy generate --application` does not detect writable locations [rhel-8]

Closed

links to

RHBA-2023:123965 policycoreutils bug fix and enhancement update

TCMS Test Case 615932

mentioned on

Merge request - SELinux userspace 3.6 release

Assignee:: Petr Lautrbach

Reporter:: Petr Lautrbach

Developer:: Petr Lautrbach

QA Contact:: Milos Malik

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2023/11/03 1:20 PM

Updated:: 2024/04/30 10:51 AM

Resolved:: 2024/04/30 10:51 AM

Target end:: 2024/01/08

Release Date:: 2024/04/30

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which bug is seen:

How reproducible:

Steps to reproduce

Expected results

Actual results

Attachments

Issue Links

Activity

People

Dates