Bug 1217530 - [SELinux] support /bin/alts in the policy
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Version: Current
Hardware: Other Other
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Cathy Hu
QA Contact: Security Team bot
Reported: 2023-11-27 15:12 UTC by Cathy Hu
Modified: 2024-06-06 10:40 UTC

Description Cathy Hu 2023-11-27 15:12:19 UTC
A lot of binaries symlink to /bin/alts, which is an alternative to update-alternatives, see:
https://github.com/openSUSE/libalternatives
https://manpages.opensuse.org/Tumbleweed/alts/alts.1.en.html

This causes issues like e.g. bsc#1216903 because:
```
$ ls -Zal /usr/sbin/iptables
lrwxrwxrwx. 1 root root system_u:object_r:bin_t:s0 11 Oct 24 20:13 /usr/sbin/iptables -> ../bin/alts*
```

/sbin/iptables should be labeled iptables_exec_t to work properly, but /bin/alts should not.

So we need to adjust the policy to support that.
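
To see which commands on a system are affected by the situation described above, the following added example (not part of the bug report or of the selinux-policy change) lists the symlinks in a directory that resolve to the alts binary, with the SELinux label of the link itself and of the file it resolves to. The function name `find_alts_links` and its two arguments are hypothetical.

```shell
#!/bin/sh
# Added audit example; find_alts_links is a hypothetical helper name.
#
# Usage: find_alts_links DIR ALTS_PATH
#   e.g. find_alts_links /usr/sbin /usr/bin/alts
#
# Prints one line per symlink in DIR whose fully resolved target is
# ALTS_PATH, in the form:
#   <link> <label of the link> <label of the resolved target>
# exec follows the symlink, so the resolved file's label is shown next
# to the link's own label.
find_alts_links() {
    dir=$1
    # Canonicalise the alts path once so comparisons are exact.
    alts=$(readlink -f -- "$2") || return 1

    for link in "$dir"/*; do
        # Only symlinks are of interest; skip regular files and dirs.
        [ -L "$link" ] || continue

        # Resolve the whole chain (a link may point at another link).
        target=$(readlink -f -- "$link" 2>/dev/null) || continue
        [ "$target" = "$alts" ] || continue

        # %C is the SELinux context; use "?" where it is unavailable
        # (for example on a host without SELinux).
        link_ctx=$(stat -c %C -- "$link" 2>/dev/null) || link_ctx='?'
        tgt_ctx=$(stat -L -c %C -- "$link" 2>/dev/null) || tgt_ctx='?'

        printf '%s %s %s\n' "$link" "${link_ctx:-?}" "${tgt_ctx:-?}"
    done
}
```
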
Comment 1 OBSbugzilla Bot 2024-03-13 17:35:03 UTC
This is an autogenerated message for OBS integration:
This bug (1217530) was mentioned in
https://build.opensuse.org/request/show/1157662 Factory / selinux-policy
Comment 2 Cathy Hu 2024-03-14 08:23:29 UTC
Submitted to Factory, done.