Bug 2208122 - Need to backport selinux-policy as the boolean "init_create_mountpoints" which is used for systemd to be able to create mount points is not present as of now. [NEEDINFO]
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: selinux-policy
Version: 9.2
Hardware: Unspecified
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Zdenek Pytela
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2023-05-18 04:00 UTC by Prashant Thakur
Modified: 2023-08-11 15:05 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:
zpytela: needinfo? (prathaku)




Links
Red Hat Issue Tracker: RHELPLAN-157554 (Private: 0, Priority: None, Status: None, Summary: None, Last Updated: 2023-05-18 04:01:22 UTC)

Comment 3 mashelke 2023-07-13 02:37:09 UTC
Hello Zdenek Pytela,

Can we please have an update on this BZ? Please let us know if you need more details from the GSS side.

Thanks & Regards,
Mahesh Shelke
Associate Manager, Customer Experience and Engagement

Comment 4 Zdenek Pytela 2023-08-11 15:05:55 UTC
This bug has not been fully acknowledged by the subsystem to be resolved during the RHEL 9.3 development and testing phase, so it will be evaluated for inclusion into the next minor product update. The refpolicy commit referred to cannot unfortunately be backported directly.

It would be helpful to elaborate on the use case mentioned in #c0 to assess:
> When using systemd mount namespace isolation, selinux blocks the creation of private namespaced mounts.  This reduces the ease of setting up stronger security.

