Bug 2151856
Summary: | Access to /etc/resolv.conf file is denied by selinux for Puma Webserver when it's a symlink or systemd-resolved is explicitly being used | |||
---|---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Sayan Das <saydas> | |
Component: | SELinux | Assignee: | Ewoud Kohl van Wijngaarden <ekohlvan> | |
Status: | CLOSED ERRATA | QA Contact: | Adam Ruzicka <aruzicka> | |
Severity: | medium | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 6.11.4 | CC: | aruzicka, pcreech, pdwyer | |
Target Milestone: | 6.13.0 | Keywords: | Triaged | |
Target Release: | Unused | |||
Hardware: | All | |||
OS: | All | |||
Whiteboard: | ||||
Fixed In Version: | foreman-selinux-3.5.0 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 2184131 (view as bug list) | Environment: | ||
Last Closed: | 2023-05-03 13:23:38 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: |
Description
Sayan Das
2022-12-08 11:04:48 UTC
FYI, I tested this using Hardlink instead of softlink, and that works fine as long as both hardlink and original file has the net_conf_t context. Upstream bug assigned to ekohlvan Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/34807 has been resolved. Took a fresh 6.13 snap 4 and followed steps from #0. I have not encountered any denials nor have I noticed any odd behavior, the rule allowing foreman_rails_t to read symlinks labeled with net_conf_t is present. Moving to verified. # rpm -q satellite foreman-selinux satellite-6.13.0-2.stream.el8sat.noarch foreman-selinux-3.5.1-1.el8sat.noarch # sesearch -t net_conf_t --allow | grep foreman_rails_t allow foreman_rails_t net_conf_t:file { getattr ioctl lock open read }; allow foreman_rails_t net_conf_t:lnk_file read; Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: Satellite 6.13 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:2097 |