Bug 1228745 - [SELinux] snapper grub plugin can not search nscd_var_run_t
Summary: [SELinux] snapper grub plugin can not search nscd_var_run_t
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: Other openSUSE Tumbleweed
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Cathy Hu
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on: 1228380
Blocks:
  Show dependency treegraph
 
Reported: 2024-08-01 12:25 UTC by Cathy Hu
Modified: 2024-08-05 07:28 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Cathy Hu 2024-08-01 12:25:10 UTC 
+++ This bug was initially created as a clone of Bug #1228380 +++

----
time->Thu Aug  1 19:17:34 2024
type=AVC msg=audit(1722503854.212:204): avc:  denied  { search } for  pid=14253 comm="grub" name="nscd" dev="tmpfs" ino=4234 scontext=system_u:system_r:snapper_grub_plugin_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir permissive=0
----
time->Thu Aug  1 19:17:34 2024
type=AVC msg=audit(1722503854.212:205): avc:  denied  { search } for  pid=14253 comm="grub" name="nscd" dev="tmpfs" ino=4234 scontext=system_u:system_r:snapper_grub_plugin_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir permissive=0
----
Comment 1 Cathy Hu 2024-08-05 07:04:36 UTC 
fix: https://build.opensuse.org/request/show/1191606
Comment 3 pallas wept 2024-08-05 07:28:23 UTC 
Cheers Cathy! I noticed this one go through, as well as the ibft rule, for which I had some logs I now don't need to submit, so cheers again!