Bug 1217442 - Upgrade of selinux-policy-targetd to 20231030-1.1 breaks privileged containers
Summary: Upgrade of selinux-policy-targetd to 20231030-1.1 breaks privileged containers
Status: RESOLVED INVALID
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: Other openSUSE Tumbleweed
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Johannes Segitz
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-23 10:29 UTC by Pruessmann
Modified: 2024-06-10 13:50 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
jsegitz: needinfo? (boris)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Pruessmann 2023-11-23 10:29:27 UTC 
After selinux-policy-targetd got updated from 20231012-1.1 to 20231030-1.1, I am having issues running Longhorn on my SELinux enabled systems. 

Investigation by the Longhorn team resulted in https://github.com/k3s-io/k3s-selinux/issues/53 being filed, but I strongly suspect that this is rather related to selinux-policy commit "Update to version 20231030: Big policy sync with upstream policy".

I am not a SELinux expert and have no idea about the correct behavior. I can just say that this seemed to work properly beforehand.
Comment 1 Johannes Segitz 2024-05-15 11:15:35 UTC 
sorry this got lost from my list. I just tried this with a current tumblweed and this seems to work fine

system_u:system_r:spc_t:s0      65535     4090  0.0  0.0    972   128 ?        Ss   10:54   0:00 /pause

is still a problem for you?
Comment 2 Johannes Segitz 2024-06-10 13:50:05 UTC 
Please reopen if this is still relevant