Bug 2208122
| Summary: | Need to backport selinux-policy as the boolean "init_create_mountpoints" which is used for systemd to be able to create mount points is not present as of now. | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Prashant Thakur <prathaku> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | NEW | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | Priority: | medium |
| Version: | 9.2 | CC: | lvrabec, mashelke, mmalik, qguo, zpytela |
| Target Milestone: | rc | Keywords: | Triaged |
| Hardware: | Unspecified | OS: | Linux |
| Type: | Bug | Flags: | zpytela: needinfo? (prathaku) |

Comment 3
mashelke
2023-07-13 02:37:09 UTC
This bug has not been fully acknowledged by the subsystem to be resolved during the RHEL 9.3 development and testing phase, so it will be evaluated for inclusion into the next minor product update. The refpolicy commit referred to cannot unfortunately be backported directly.
It would be helpful to elaborate on the use case mentioned in #c0 to assess:
> When using systemd mount namespace isolation, selinux blocks the creation of private namespaced mounts. This reduces the ease of setting up stronger security.