2134390 – passwd and chpasswd (passwd_exec_t) should always run confined as "passwd_t"

Bug 2134390 - passwd and chpasswd (passwd_exec_t) should always run confined as "passwd_t"

Summary: passwd and chpasswd (passwd_exec_t) should always run confined as "passwd_t"

Keywords:
Status:	NEW
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	8.6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	8.9
Assignee:	Zdenek Pytela
QA Contact:	Milos Malik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-10-13 10:28 UTC by Renaud Métrich
Modified:	2023-08-17 07:29 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-136311	0	None	None	None	2022-10-13 10:42:39 UTC

Comment 1 Zdenek Pytela 2022-10-17 15:12:12 UTC

Adding a short note after the first team discussion:

There seems to be a conflict between
1. An unconfined service is not confined
2. The passwd command is always confined

It is questionable which rule should prevail.

I will update this bz as soon as some additional information is found.

Note You need to log in before you can comment on or make changes to this bug.