Bug 1228745

Summary: [SELinux] snapper grub plugin can not search nscd_var_run_t
Product: [openSUSE] openSUSE Tumbleweed Reporter: Cathy Hu <cathy.hu>
Component: SecurityAssignee: Cathy Hu <cathy.hu>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: cathy.hu, pallaswept, security-team
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE Tumbleweed   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 1228380    
Bug Blocks:    

Description Cathy Hu 2024-08-01 12:25:10 UTC 
+++ This bug was initially created as a clone of Bug #1228380 +++

----
time->Thu Aug  1 19:17:34 2024
type=AVC msg=audit(1722503854.212:204): avc:  denied  { search } for  pid=14253 comm="grub" name="nscd" dev="tmpfs" ino=4234 scontext=system_u:system_r:snapper_grub_plugin_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir permissive=0
----
time->Thu Aug  1 19:17:34 2024
type=AVC msg=audit(1722503854.212:205): avc:  denied  { search } for  pid=14253 comm="grub" name="nscd" dev="tmpfs" ino=4234 scontext=system_u:system_r:snapper_grub_plugin_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir permissive=0
----
Comment 1 Cathy Hu 2024-08-05 07:04:36 UTC 
fix: https://build.opensuse.org/request/show/1191606
Comment 3 pallas wept 2024-08-05 07:28:23 UTC 
Cheers Cathy! I noticed this one go through, as well as the ibft rule, for which I had some logs I now don't need to submit, so cheers again!
Comment 4 Cathy Hu 2024-08-09 13:14:18 UTC 
should be done, please reopen if the issue persists, thanks!