Hide Forgot
Description of problem: * SELinux policy defines types: utempter_t (process type) and utempter_exec_t (file type) * but there is an incorrect file context pattern which means that the utempter binary is not labeled utempter_exec_t which means that no process transitions into utempter_t domain Version-Release number of selected component (if applicable): libutempter-1.1.6-14.el8.x86_64 selinux-policy-3.14.3-9.el8.noarch selinux-policy-targeted-3.14.3-9.el8.noarch How reproducible: * always Steps to Reproduce: # semanage fcontext -l | grep utempter /usr/sbin/utempter regular file system_u:object_r:utempter_exec_t:s0 # ls -l /usr/sbin/utempter ls: cannot access '/usr/sbin/utempter': No such file or directory # ls -lZ /usr/libexec/utempter/utempter -rwx--s--x. 1 root utmp system_u:object_r:bin_t:s0 13096 Aug 12 2018 /usr/libexec/utempter/utempter # rpm -qf /usr/libexec/utempter/utempter libutempter-1.1.6-14.el8.x86_64 # Actual results: * /usr/libexec/utempter/utempter is labeled incorrectly Expected results: * /usr/libexec/utempter/utempter is labeled correctly
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3547