Bug 2145266
| Summary: | Move back security classes to comply with the Stability kbase | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Zdenek Pytela <zpytela> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 9.2 | CC: | lvrabec, mmalik, zpytela |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 9.2 | Flags: | pm-rhel:
mirror+
|
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-38.1.2-1.el9 | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-05-09 08:16:59 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (selinux-policy bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:2483 |
Description of problem: With the ca313456b ("refpolicy: drop unused socket security classes") commit, unused security classes were removed from Fedora selinux-policy. This happened after RHEL 9 beta branched off Fedora 34 and it was not reverted in RHEL 9 before GA, so it needs to be reverted now after the policy was rebased to Fedora version to comply with the SELinux policy API stability document. Additionally, the following RHEL 9.0 commit needs to be merged again as it was a RHEL-only commit: bb3828b47 Remove label for /usr/sbin/bgpd Version-Release number of selected component (if applicable): selinux-policy-38.1.1-1.el9.noarch How reproducible: always Steps to Reproduce: 1. rhel92# seinfo -c bridge_socket 2. rhel92# matchpathcon /usr/sbin/bgpd Actual results: Classes: 0 /usr/sbin/bgpd system_u:object_r:zebra_exec_t:s0 Expected results: Classes: 1 bridge_socket /usr/sbin/bgpd system_u:object_r:bin_t:s0 Additional info: