Bug 1747569

Summary: sudo is not properly applying unconfined_r selinux context to user
Product: Red Hat Enterprise Linux 8 Reporter: Striker Leggette <striker>
Component: sudoAssignee: Radovan Sroka <rsroka>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0CC: dapospis
Target Milestone: rcKeywords: Triaged
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-09-09 18:42:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Striker Leggette 2019-08-30 20:31:31 UTC 
# Description of problem:
 - RHEL 8 sudo is not applying unconfined_r context to users from sudo rule stored in IPA

# Version-Release number of selected component (if applicable):
 - sudo-1.8.25p1-4.el8.x86_64

# How reproducible:
 - Always

# Steps to Reproduce:
1. Define sudo rule in IPA with option "role=unconfined_r" and give a user access.
2. Join RHEL 8 IPA Client to IPA Server.
3. Log in with user who has access to sudo rule and run 'sudo -r unconfined_r -i'

# Actual results:

[root@blah ~]# id -Z
staff_u:staff_r:staff_t:s0-s0:c0.c1023

# Expected results:

[root@blah ~]# id -Z
staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Comment 3 Striker Leggette 2019-09-09 18:42:17 UTC 

*** This bug has been marked as a duplicate of bug 1738326 ***