Bug 2007960
| Summary: | SELinux prevents the systemd process from watching the /etc/insights-client/.lastupload file | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Frank Liang <xiliang> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 9.0 | CC: | ldu, linl, lvrabec, mmalik, ssekidde, stomsa, vkuznets, ymao, yuxisun |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 9.0 | Flags: | pm-rhel:
mirror+
|
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-34.1.17-1.el9 | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-17 15:49:48 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (new packages: selinux-policy), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:3918 |
Commits to backport: commit 4be7f9f3231b166effc968d3fb3dbc25cf9dbd41 Author: Zdenek Pytela <zpytela> Date: Wed Jul 7 19:18:25 2021 +0200 Remove references to init_watch_path_type attribute The original idea of using the init_watch_path_type attribute for allowing systemd watch particular directories has never been brought to life, so deprecating the init_watch_dir() interface and removing all references to init_watch_path_type. commit 2d28a7a8e01a5bac52fc7085eadf566f663cb74a Author: Zdenek Pytela <zpytela> Date: Wed Jul 7 19:14:11 2021 +0200 Remove all redundant watch permissions for systemd Since systemd was allowed watch permissions for any directory, file, or lnk_file in the non_security_file_type attribute, individual interface calls are now redundant. commit 4aee48a2cf002b5335619ba689831222db2aa13b Author: Zdenek Pytela <zpytela> Date: Wed Jul 7 19:09:39 2021 +0200 Allow systemd watch non_security_file_type dirs, files, lnk_files In the systemd path unit files, any path can be used for watching. In this commit the watch permission is allowed for any directory, file, or lnk_file in the non_security_file_type attribute. The files_watch_non_security_files() and files_watch_non_security_lnk_files() interfaces were added.