Bug 2127902
Summary: | Insights compliance service is run from cron instead of systemd which have different SELinux context and leads to AVCs | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Riya Banerjee <ribanerj> |
Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | Mirek Jahoda <mjahoda> |
Priority: | high | | |
Version: | 8.6 | CC: | jafiala, lvrabec, mmalik, pakotvan, peter.vreman, zpytela |
Target Milestone: | rc | Keywords: | Triaged |
Target Release: | 8.8 | | |
Hardware: | Unspecified | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | No Doc Update |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2023-05-16 09:04:16 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
Riya Banerjee
2022-09-19 10:33:47 UTC
> [cb/LI] hoiroot@li-lc-2105:~$ cat /etc/cron.d/hoi-insights-scap
> 30 1 * * * root /opt/hoi/bin/hoi-cron-wrapper '/usr/bin/insights-client --compliance 2>&1'
Where do these files come from, are they a part of a customer's setup?
I've checked that both system and user cronjobs executing insights-client directly do not trigger any issue with the latest selinux-policy package in place. Using a custom wrapper is not considered as a supported scenario.

No compliance issues seen anymore with the latest selinux-policy-3.14.3-95.el8_6.6. For me the BZ can be closed.

Peter, thank you for confirming. This bz will follow the internal process and will be closed with RHEL 8.8 GA.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (selinux-policy bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2965