
SELinux settings get overwritten after reboot

Open JensVD opened this issue 5 years ago • 2 comments

Issue Report

Bug

Container Linux Version

NAME="Container Linux by CoreOS"
ID=coreos
VERSION=2051.2.0
VERSION_ID=2051.2.0
BUILD_ID=2019-03-11-0556
PRETTY_NAME="Container Linux by CoreOS 2051.2.0 (Rhyolite)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"

Environment

Swarm cluster of 2 - 10 instances running on VMware

Expected Behavior

After executing all steps on 'https://coreos.com/os/docs/latest/selinux.html' and doing a reboot we expect that these changes are persistent. Meaning that the removed files aren't placed back in the '/etc/audit/rules.d/' directory.

Actual Behavior

All steps are followed, no issues. After reboot everything is back to its default configuration; removed files are back in the '/etc/audit/rules.d/' directory.

Reproduction Steps

  1. Follow the steps on 'https://coreos.com/os/docs/latest/selinux.html'
  2. Reboot the CoreOS instance
  3. Check the files in the '/etc/audit/rules.d/' directory

Other Information

Did some research on my own and saw that these rules files are linked from the read-only filesystem '/usr/share'. I suppose this is what is done during boot (https://github.com/coreos/coreos-overlay/blob/master/sys-process/audit/files/audit-rules.tmpfiles) but there should be a way to overwrite this.

JensVD Mar 26 '19 06:03

Run sudo ln -s /dev/null /etc/tmpfiles.d/audit-rules.conf to disable it.

dm0- Mar 26 '19 13:03

This does indeed make it persistent, thank you! Is this documented anywhere?

JensVD Mar 27 '19 12:03
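
Why the symlink from the thread persists, as an added example that is not part of the thread or of CoreOS: systemd-tmpfiles reads same-named fragments from /etc/tmpfiles.d, /run/tmpfiles.d and /usr/lib/tmpfiles.d in that priority order, so a /dev/null symlink in /etc masks the vendor fragment on every boot. The function name, its optional root argument, and the assumption that the vendor fragment is installed as /usr/lib/tmpfiles.d/audit-rules.conf are assumptions made for this check.

```shell
#!/bin/sh
# Added example: report which tmpfiles.d fragment wins for a given file name,
# so a host can be checked for a masked or overridden audit-rules fragment.
# Precedence per tmpfiles.d(5): /etc overrides /run, which overrides /usr/lib.
# The second argument (root) is a hypothetical convenience for inspecting a
# mounted image or a test tree instead of the live system.

tmpfiles_state() {
    name=$1
    root=${2:-}
    for dir in etc/tmpfiles.d run/tmpfiles.d usr/lib/tmpfiles.d; do
        path="$root/$dir/$name"
        # -L also matches symlinks whose target does not exist.
        [ -e "$path" ] || [ -L "$path" ] || continue
        if [ -L "$path" ] && [ "$(readlink "$path")" = "/dev/null" ]; then
            # The masking form used in the thread: lower-priority copies are ignored.
            echo "masked $path"
        elif [ -s "$path" ]; then
            # A non-empty fragment: these are the lines applied at boot.
            echo "active $path"
        else
            # Zero-length file or dangling link: inspect by hand.
            echo "empty $path"
        fi
        return 0
    done
    echo "absent"
    return 1
}

# Stand-alone use, e.g.: sh tmpfiles_state.sh audit-rules.conf
if [ "$#" -gt 0 ]; then
    tmpfiles_state "$@"
fi
```

Running it with `audit-rules.conf` before and after the `ln -s` command shows the result change from an `active` path under /usr/lib to a `masked` path under /etc.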