System is not complying with CIS Server Level 2 due to having custom services run in "unconfined_service_t" context
Issue
- CIS Server Level 2 benchmark "Ensure No Daemons are Unconfined by SELinux" rule fails due to having some custom services run in the unconfined_service_t SELinux context.

To check for unconfined daemons, run the following command:

$ sudo ps -eZ | grep "unconfined_service_t"

It should produce no output in a well-configured system (unless known bugs are hit).
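
The same check as a function suitable for an audit job (an added example, not Red Hat's or the CIS benchmark's own code): it matches the SELinux type field exactly, lists the PID and command of each offender, and returns a non-zero status when any are found. The function name, the sample process list and the myappd service are constructed for illustration.

```shell
#!/bin/sh
# Reads `ps -eZ` formatted text on stdin and prints "PID COMMAND" for every
# process whose SELinux type is exactly unconfined_service_t.
# Exit status: 0 = none found (rule passes), 1 = at least one found.
find_unconfined_services() {
    awk '
        NR == 1 && $1 == "LABEL" { next }   # skip the ps header line
        {
            # A context is user:role:type[:level]. The level may itself
            # contain colons (s0-s0:c0.c1023), so only element 3 is read.
            split($1, ctx, ":")
            if (ctx[3] == "unconfined_service_t") {
                # Columns are LABEL PID TTY TIME CMD; CMD may contain spaces.
                cmd = $5
                for (i = 6; i <= NF; i++) cmd = cmd " " $i
                print $2, cmd
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample of `ps -eZ` output (not captured from a real host).
SAMPLE_PS_OUTPUT='LABEL                               PID TTY          TIME CMD
system_u:system_r:init_t:s0           1 ?        00:00:03 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1012 ?   00:00:00 sshd
system_u:system_r:unconfined_service_t:s0 2211 ? 00:00:01 myappd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3001 pts/0 00:00:00 bash'

# Demonstration on the sample. On a live host, pipe in the real process list:
#   sudo ps -eZ | find_unconfined_services
printf '%s\n' "$SAMPLE_PS_OUTPUT" | find_unconfined_services \
    || echo "FAIL: daemons running as unconfined_service_t"
```
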
Environment
- Red Hat Enterprise Linux 8 (RHEL8) and later
- CIS Server Level 2 benchmark