search

fedora-selinux / selinux-policy

selinux-policy for Fedora is a large patch off the mainline
GNU General Public License v2.0
156 stars 157 forks source link

Dontaudit domain write cgroup files #2209

Closed zpytela closed 6 hours ago

zpytela commented 5 days ago

This rule is added to prevent from reporting bugs since there currently is not a clear way how to address the problem how to allow domains write to /sys/fs/cgroup/system.slice/servicename.service/memory.pressure, but not give the write access completely to the cgroup filesystem.

Related: https://bugzilla.redhat.com/show_bug.cgi?id=2294402

packit-as-a-service[bot] commented 5 days ago

Cockpit tests failed for commit 9a67681c4d08ed06fcabfd1814b49a2083e8f9df. @martinpitt, @jelly, @mvollmer please check.

martinpitt commented 4 days ago

Unrelated cockpit failure. reportd got removed from Rawhide, so trying to install it now fails. I sent https://github.com/cockpit-project/cockpit/pull/20696 to adapt. After that lands, I'll re-run all the recent failures here.

martinpitt commented 4 days ago

@zpytela The above PR landed, and I restarted all four recent affected selinux PRs. Sorry for the noise..