Bug 2170220
| Summary: | DISA STIG with GUI in Red Hat Enterprise 9 causes the upower service to fail | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | mkielian <mkielian> |
| Component: | systemd | Assignee: | systemd maint <systemd-maint> |
| Status: | NEW --- | QA Contact: | Frantisek Sumsal <fsumsal> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 9.0 | CC: | sbarcomb, systemd-maint-list |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Description
mkielian@redhat.com
2023-02-15 22:14:32 UTC
The security profile seems to disable user namespacing, which means systemd can't launch the service at all:

Feb 14 13:23:43 localhost systemd[1047]: upower.service: Failed to set up user namespacing: No space left on device

upower isn't even run. User namespacing is used by systemd to provide upower with some sandboxing which protects the system from being made vulnerable if upower were to have bugs that weakened its security.

This problem will also impact a lot of other daemons that also use systemd's sandboxing to minimise their attack surface.

Reassigning to systemd so they can figure out a better error message for this problem, and reassign to the security profile if needed.
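
A triage helper for the failure described above, added here as an example and not part of the original report or of systemd: it pulls every unit that logged this message out of journal text and ties the "No space left on device" reason to the kernel's user namespace limit. It assumes the limit is exposed at `/proc/sys/user/max_user_namespaces` and that a value of 0 is how the profile disables user namespaces (the report does not name the setting); the sample lines other than the upower one are constructed.

```python
import re
from pathlib import Path

# Message systemd logs when it cannot create the user namespace for a unit.
USERNS_FAILURE = re.compile(
    r"systemd\[\d+\]: (?P<unit>\S+): Failed to set up user namespacing: "
    r"(?P<reason>.+)$"
)
# Kernel limit on user namespaces; 0 disables them (assumed cause, not named in the report).
SYSCTL_PATH = Path("/proc/sys/user/max_user_namespaces")

def affected_units(journal_lines):
    """Return {unit: reason} for every unit that failed user namespace setup."""
    hits = {}
    for line in journal_lines:
        m = USERNS_FAILURE.search(line)
        if m:
            hits[m.group("unit")] = m.group("reason").strip()
    return hits

def userns_limit(path=SYSCTL_PATH):
    """Read the current limit, or None if the file is missing or unreadable."""
    try:
        return int(path.read_text().strip())
    except (OSError, ValueError):
        return None

def diagnose(journal_lines, limit):
    """Pair each failed unit with a cause derived from the namespace limit."""
    report = []
    for unit, reason in sorted(affected_units(journal_lines).items()):
        if limit == 0 and reason == "No space left on device":
            cause = "user namespaces disabled (limit is 0)"
        else:
            cause = "unconfirmed; check the limit and the unit's sandboxing options"
        report.append((unit, cause))
    return report

# Constructed sample: the first line is from the report, the others are made up.
SAMPLE = [
    "Feb 14 13:23:43 localhost systemd[1047]: upower.service: Failed to set up user namespacing: No space left on device",
    "Feb 14 13:23:44 localhost systemd[1047]: example-daemon.service: Failed to set up user namespacing: No space left on device",
    "Feb 14 13:23:45 localhost systemd[1047]: Started example-other.service.",
]

if __name__ == "__main__":
    for unit, cause in diagnose(SAMPLE, userns_limit()):
        print(f"{unit}: {cause}")
```

Feeding it the output of `journalctl -b` as a list of lines shows how many sandboxed daemons the profile affects on a given host, not just upower.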