Bug 2021529 - Secure_mode boolean allows staff SELinux user switch to unconfined
Summary: Secure_mode boolean allows staff SELinux user switch to unconfined
Keywords:
Status: CLOSED DUPLICATE of bug 2076681
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: selinux-policy
Version: 9.0
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: 9.1
Assignee: Zdenek Pytela
QA Contact: Milos Malik
Mirek Jahoda
URL:
Whiteboard:
: 2023462 (view as bug list)
Depends On: 1947841 2022763 2076681
Blocks: 1778780
TreeView+ depends on / blocked
 
Reported: 2021-11-09 14:34 UTC by Zdenek Pytela
Modified: 2022-11-07 10:07 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
.SELinux `staff_u` users can incorrectly switch to `unconfined_r` When the `secure_mode` boolean is enabled, `staff_u` users can incorrectly switch to the `unconfined_r` role. As a consequence, `staff_u` users can perform privileged operations affecting the security of the system.
Clone Of: 1947841
Environment:
Last Closed: 2022-08-03 15:26:13 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-102174 0 None None None 2021-11-09 14:39:26 UTC

Comment 3 Zdenek Pytela 2021-11-16 07:35:41 UTC 
*** Bug 2023462 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.