Bug 1730500 - Unconfined domains should be allowed to setattr on lnk_files in /proc
Summary: Unconfined domains should be allowed to setattr on lnk_files in /proc
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: selinux-policy
Version: 8.1
Hardware: All
OS: Linux
Target Milestone: rc
: 8.1
Assignee: Lukas Vrabec
QA Contact: Milos Malik
Depends On:
TreeView+ depends on / blocked
Reported: 2019-07-16 22:43 UTC by Daniel Walsh
Modified: 2020-11-14 06:33 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-11-05 22:12:08 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:3547 0 None None None 2019-11-05 22:12:18 UTC

Description Daniel Walsh 2019-07-16 22:43:22 UTC
Could you add

allow unconfined_domain self:lnk_file setattr;

This will help speed up fuse-overlay when running in containers.

Comment 3 Milos Malik 2019-07-17 08:09:46 UTC
Should the rule be enabled by default or should it be part of a boolean?

Comment 4 Lukas Vrabec 2019-07-17 08:16:05 UTC

It's unconfined domain attribute, we could enable it by default.

Comment 5 Daniel Walsh 2019-07-18 10:42:05 UTC
Yes it should be enabled by default.

Comment 9 errata-xmlrpc 2019-11-05 22:12:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.