Bug 1217442

Summary: Upgrade of selinux-policy-targetd to 20231030-1.1 breaks privileged containers
Product: [openSUSE] openSUSE Tumbleweed Reporter: Pruessmann <boris>
Component: SecurityAssignee: Johannes Segitz <jsegitz>
Status: RESOLVED INVALID QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: boris
Version: CurrentFlags: jsegitz: needinfo? (boris)
Target Milestone: ---   
Hardware: Other   
OS: openSUSE Tumbleweed   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Pruessmann 2023-11-23 10:29:27 UTC 
After selinux-policy-targetd got updated from 20231012-1.1 to 20231030-1.1, I am having issues running Longhorn on my SELinux enabled systems. 

Investigation by the Longhorn team resulted in https://github.com/k3s-io/k3s-selinux/issues/53 being filed, but I strongly suspect that this is rather related to selinux-policy commit "Update to version 20231030: Big policy sync with upstream policy".

I am not a SELinux expert and have no idea about the correct behavior. I can just say that this seemed to work properly beforehand.
Comment 1 Johannes Segitz 2024-05-15 11:15:35 UTC 
sorry this got lost from my list. I just tried this with a current tumblweed and this seems to work fine

system_u:system_r:spc_t:s0      65535     4090  0.0  0.0    972   128 ?        Ss   10:54   0:00 /pause

is still a problem for you?
Comment 2 Johannes Segitz 2024-06-10 13:50:05 UTC 
Please reopen if this is still relevant