k3s-selinux icon indicating copy to clipboard operation
k3s-selinux copied to clipboard
verified publisher icon k3s-io

Move /var/run fc entries to /run

Open ca-hu opened this issue 1 year ago • 2 comments

/var/run is a symlink to /run in microos.

Currently the selinux-policy package has a rule for file contexts from /run/ use to the same file context specified in /var/run/.

The upcoming main selinux-policy package update will change the direction of that "forwarding", so /var/run will follow the rules in /run. This way, the file context entries will match the actual filesystem path.

All existing file context entries in custom modules based on the /var/run path need to change to /run, otherwise there is no rule for /var/run entries to "be forwarded to" in /run.

ca-hu avatar Apr 11 '24 10:04 ca-hu

This is also happening in fedora, see: https://github.com/fedora-selinux/selinux-policy/commit/1f76e522ab3e4c6faafde161036aa5bb49a0cbe0

I did not add a commit for fedora/coreos since I don't really know your setup there.

ca-hu avatar Apr 11 '24 10:04 ca-hu

This is blocking our policy update ATM. Can you please work on this? We'll wait until next week, but then we'll update our package, which will break your build

jsegitz avatar May 06 '24 12:05 jsegitz