Bug 1730500 - Unconfined domains should be allowed to setattr on lnk_files in /proc
Summary: Unconfined domains should be allowed to setattr on lnk_files in /proc
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: selinux-policy
Version: 8.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: 8.1
Assignee: Lukas Vrabec
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-16 22:43 UTC by Daniel Walsh
Modified: 2019-11-05 22:12 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-11-05 22:12:08 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:3547 None None None 2019-11-05 22:12:18 UTC

Description Daniel Walsh 2019-07-16 22:43:22 UTC
Could you add

allow unconfined_domain self:lnk_file setattr;

This will help speed up fuse-overlay when running in containers.

Comment 3 Milos Malik 2019-07-17 08:09:46 UTC
Should the rule be enabled by default or should it be part of a boolean?

Comment 4 Lukas Vrabec 2019-07-17 08:16:05 UTC
Milos, 

It's unconfined domain attribute, we could enable it by default.

Comment 5 Daniel Walsh 2019-07-18 10:42:05 UTC
Yes it should be enabled by default.

Comment 9 errata-xmlrpc 2019-11-05 22:12:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:3547


Note You need to log in before you can comment on or make changes to this bug.