-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-9.6.z
-
No
-
Moderate
-
1
-
rhel-security-selinux
-
1
-
False
-
False
-
-
None
-
SELINUX 251119: 15
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
Upgrade from 4.1 to 4.19 with new bootupd-0.2.27-4.el9_6.x86_64, that adds option `--with-static-config` to `bootupctl adopt-and-update`, bootloader-migrate.service run (using command `bootupctl adopt-and-update --with-static-config`) successfully, but get denied logs.
The related PR is https://gitlab.com/redhat/rhel/rpms/rust-bootupd/-/merge_requests/3
bootloader-migrate.service is https://github.com/coreos/rhel-coreos-config/pull/23
[root@localhost core]# rpm-ostree status
State: idle
Deployments:
* b5835fe4a7ac1dc932bbbdf82771eaa7ef632caacbdf868a6e51f607b55a69f0
Version: 9.6.20250701-0 (2025-07-01T04:02:58Z)
pivot://quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:53389c9b4a00d7afebb98f7bd9d20348deb1d77ca4baf194f0ae1b582b7e965b
CustomOrigin: Provisioned from oscontainer
Version: 410.8.20190520.0 (2019-05-20T22:55:04Z)
[root@localhost core]# rpm -q bootupd selinux-policy
bootupd-0.2.27-4.el9_6.x86_64
selinux-policy-38.1.53-5.el9_6.noarch
[root@localhost core]# journalctl -u bootloader-migrate.service | cat
Jul 01 06:13:17 localhost.localdomain systemd[1]: Starting Static GRUB config migration...
Jul 01 06:13:20 localhost.localdomain bootupctl[885]: ostree repo 'sysroot.bootloader' config option is not set yet
Jul 01 06:13:20 localhost.localdomain bootupctl[885]: Creating a backup of the current GRUB config on EFI
Jul 01 06:13:20 localhost.localdomain bootupctl[885]: Installed 05_ignition.cfg
Jul 01 06:13:20 localhost.localdomain bootupctl[885]: Installed: grub.cfg
Jul 01 06:13:20 localhost.localdomain bootupctl[885]: Installed: "redhat/grub.cfg"
Jul 01 06:13:20 localhost.localdomain bootupctl[885]: Static GRUB configuration has been adopted successfully.
Jul 01 06:13:20 localhost.localdomain bootupctl[885]: Adopted and updated: EFI: grub2-efi-x64-1:2.06-104.el9_6.x86_64,shim-x64-15.8-4.el9_3.x86_64
Jul 01 06:13:20 localhost.localdomain systemd[1]: Finished Static GRUB config migration.
[root@localhost core]# ausearch -m avc | more
----
time->Tue Jul 1 06:13:18 2025
type=PROCTITLE msg=audit(1751350398.070:12): proctitle=2F7573722F62696E2F626F6F7
4757063746C0061646F70742D616E642D757064617465002D2D776974682D7374617469632D636F6
E666967
type=PATH msg=audit(1751350398.070:12): item=0 name="/tmp" inode=11 dev=00:1f mo
de=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=NORM
AL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1751350398.070:12): cwd="/"
type=SYSCALL msg=audit(1751350398.070:12): arch=c000003e syscall=257 success=yes
exit=5 a0=ffffff9c a1=7fff042a5250 a2=490002 a3=1b6 items=1 ppid=1 pid=885 auid
=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) s
es=4294967295 comm="bootupctl" exe="/usr/bin/bootupctl" subj=system_u:system_r:b
ootupd_t:s0 key=(null)
type=AVC msg=audit(1751350398.070:12): avc: denied { write open } for pid=885
comm="bootupctl" path=2F746D702F233131202864656C6574656429 dev="tmpfs" ino=11 s
context=system_u:system_r:bootupd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclas
s=file permissive=1
type=AVC msg=audit(1751350398.070:12): avc: denied { write } for pid=885 comm
="bootupctl" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:bootupd_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=1
----
time->Tue Jul 1 06:13:18 2025
type=PROCTITLE msg=audit(1751350398.268:17): proctitle=73666469736B002D4A002F646
5762F766461
type=PATH msg=audit(1751350398.268:17): item=0 name="/lib64/ld-linux-x86-64.so.2
" inode=21507666 dev=fc:03 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:ob
ject_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_froo
tid=0
type=CWD msg=audit(1751350398.268:17): cwd="/"
type=EXECVE msg=audit(1751350398.268:17): argc=3 a0="sfdisk" a1="-J" a2="/dev/vd
a"
type=SYSCALL msg=audit(1751350398.268:17): arch=c000003e syscall=59 success=yes
exit=0 a0=7f2904dfddc0 a1=562d34a535f0 a2=7fff042a6f58 a3=8 items=1 ppid=885 pid
=913 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty
=(none) ses=4294967295 comm="sfdisk" exe="/usr/sbin/sfdisk" subj=system_u:system
_r:bootupd_t:s0 key=(null)
type=AVC msg=audit(1751350398.268:17): avc: denied { map } for pid=913 comm="
sfdisk" path="/usr/sbin/sfdisk" dev="vda3" ino=21866426 scontext=system_u:system
_r:bootupd_t:s0 tcontext=system_u:object_r:fsadm_exec_t:s0 tclass=file permissiv
e=1
type=AVC msg=audit(1751350398.268:17): avc: denied { execute_no_trans } for p
id=913 comm="bootupctl" path="/usr/sbin/sfdisk" dev="vda3" ino=21866426 scontext
=system_u:system_r:bootupd_t:s0 tcontext=system_u:object_r:fsadm_exec_t:s0 tclas
s=file permissive=1
type=AVC msg=audit(1751350398.268:17): avc: denied { read open } for pid=913
comm="bootupctl" path="/usr/sbin/sfdisk" dev="vda3" ino=21866426 scontext=system
_u:system_r:bootupd_t:s0 tcontext=system_u:object_r:fsadm_exec_t:s0 tclass=file
permissive=1
type=AVC msg=audit(1751350398.268:17): avc: denied { execute } for pid=913 co
mm="bootupctl" name="sfdisk" dev="vda3" ino=21866426 scontext=system_u:system_r:
bootupd_t:s0 tcontext=system_u:object_r:fsadm_exec_t:s0 tclass=file permissive=1
----
time->Tue Jul 1 06:13:18 2025
type=PROCTITLE msg=audit(1751350398.309:19): proctitle=73666469736B002D4A002F646
5762F766461
type=SYSCALL msg=audit(1751350398.309:19): arch=c000003e syscall=257 success=yes
exit=3 a0=ffffff9c a1=7ffc52567f3b a2=80000 a3=0 items=0 ppid=885 pid=913 auid=
4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) se
s=4294967295 comm="sfdisk" exe="/usr/sbin/sfdisk" subj=system_u:system_r:bootupd
_t:s0 key=(null)
type=AVC msg=audit(1751350398.309:19): avc: denied { open } for pid=913 comm=
"sfdisk" path="/dev/vda" dev="devtmpfs" ino=259 scontext=system_u:system_r:bootu
pd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permis
sive=1
type=AVC msg=audit(1751350398.309:19): avc: denied { read } for pid=913 comm=
"sfdisk" name="vda" dev="devtmpfs" ino=259 scontext=system_u:system_r:bootupd_t:
s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file permissive=
1
----
time->Tue Jul 1 06:13:18 2025
type=PROCTITLE msg=audit(1751350398.315:20): proctitle=73666469736B002D4A002F646
5762F766461
type=SYSCALL msg=audit(1751350398.315:20): arch=c000003e syscall=16 success=yes
exit=0 a0=3 a1=80081272 a2=7ffc525664c0 a3=1 items=0 ppid=885 pid=913 auid=42949
67295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=429
4967295 comm="sfdisk" exe="/usr/sbin/sfdisk" subj=system_u:system_r:bootupd_t:s0
key=(null)
type=AVC msg=audit(1751350398.315:20): avc: denied { ioctl } for pid=913 comm
="sfdisk" path="/dev/vda" dev="devtmpfs" ino=259 ioctlcmd=0x1272 scontext=system
_u:system_r:bootupd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclas
s=blk_file permissive=1
----
time->Tue Jul 1 06:13:19 2025
type=PROCTITLE msg=audit(1751350399.284:29): proctitle=2F7573722F62696E2F626F6F7
4757063746C0061646F70742D616E642D757064617465002D2D776974682D7374617469632D636F6
E666967
type=PATH msg=audit(1751350399.284:29): item=0 name="/tmp" inode=23 dev=00:1f mo
de=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=NORM
AL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1751350399.284:29): cwd="/"
type=SYSCALL msg=audit(1751350399.284:29): arch=c000003e syscall=257 success=yes
exit=7 a0=ffffff9c a1=7fff042a5270 a2=490002 a3=1b6 items=1 ppid=1 pid=885 auid
=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) s
es=4294967295 comm="bootupctl" exe="/usr/bin/bootupctl" subj=system_u:system_r:b
ootupd_t:s0 key=(null)
type=AVC msg=audit(1751350399.284:29): avc: denied { write open } for pid=885
comm="bootupctl" path=2F746D702F233233202864656C6574656429 dev="tmpfs" ino=23 s
context=system_u:system_r:bootupd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclas
s=file permissive=1
type=AVC msg=audit(1751350399.284:29): avc: denied { write } for pid=885 comm
="bootupctl" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:bootupd_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=1
----
time->Tue Jul 1 06:13:19 2025
type=PROCTITLE msg=audit(1751350399.844:32): proctitle=6F737472656500636F6E66696
7002D2D7265706F3D2F737973726F6F742F6F73747265652F7265706F0067657400737973726F6F7
42E626F6F746C6F61646572
type=PATH msg=audit(1751350399.844:32): item=0 name="/lib64/ld-linux-x86-64.so.2
" inode=21507666 dev=fc:03 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:ob
ject_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_froo
tid=0
type=CWD msg=audit(1751350399.844:32): cwd="/"
type=EXECVE msg=audit(1751350399.844:32): argc=5 a0="ostree" a1="config" a2="--r
epo=/sysroot/ostree/repo" a3="get" a4="sysroot.bootloader"
type=SYSCALL msg=audit(1751350399.844:32): arch=c000003e syscall=59 success=yes
exit=0 a0=7f2904dfddc0 a1=562d34a603b0 a2=7fff042a6f58 a3=8 items=1 ppid=885 pid
=956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty
=(none) ses=4294967295 comm="ostree" exe="/usr/bin/ostree" subj=system_u:system_
r:bootupd_t:s0 key=(null)
type=AVC msg=audit(1751350399.844:32): avc: denied { map } for pid=956 comm="
ostree" path="/usr/bin/ostree" dev="vda3" ino=21297469 scontext=system_u:system_
r:bootupd_t:s0 tcontext=system_u:object_r:install_exec_t:s0 tclass=file permissi
ve=1
type=AVC msg=audit(1751350399.844:32): avc: denied { execute_no_trans } for p
id=956 comm="bootupctl" path="/usr/bin/ostree" dev="vda3" ino=21297469 scontext=
system_u:system_r:bootupd_t:s0 tcontext=system_u:object_r:install_exec_t:s0 tcla
ss=file permissive=1
type=AVC msg=audit(1751350399.844:32): avc: denied { read open } for pid=956
comm="bootupctl" path="/usr/bin/ostree" dev="vda3" ino=21297469 scontext=system_
u:system_r:bootupd_t:s0 tcontext=system_u:object_r:install_exec_t:s0 tclass=file
permissive=1
type=AVC msg=audit(1751350399.844:32): avc: denied { execute } for pid=956 co
mm="bootupctl" name="ostree" dev="vda3" ino=21297469 scontext=system_u:system_r:
bootupd_t:s0 tcontext=system_u:object_r:install_exec_t:s0 tclass=file permissive
=1
----
time->Tue Jul 1 06:13:19 2025
type=PROCTITLE msg=audit(1751350399.962:33): proctitle=6F737472656500636F6E66696
7002D2D7265706F3D2F737973726F6F742F6F73747265652F7265706F0067657400737973726F6F7
42E626F6F746C6F61646572
type=SYSCALL msg=audit(1751350399.962:33): arch=c000003e syscall=10 success=yes
exit=0 a0=558de8eae000 a1=2000 a2=1 a3=558de8e54000 items=0 ppid=885 pid=956 aui
d=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="ostree" exe="/usr/bin/ostree" subj=system_u:system_r:bootup
d_t:s0 key=(null)
type=AVC msg=audit(1751350399.962:33): avc: denied { read } for pid=956 comm=
"ostree" path="/usr/bin/ostree" dev="vda3" ino=21297469 scontext=system_u:system
_r:bootupd_t:s0 tcontext=system_u:object_r:install_exec_t:s0 tclass=file permiss
ive=1
----
time->Tue Jul 1 06:13:19 2025
type=PROCTITLE msg=audit(1751350399.983:35): proctitle=6F737472656500636F6E66696
7002D2D7265706F3D2F737973726F6F742F6F73747265652F7265706F0067657400737973726F6F7
42E626F6F746C6F61646572
type=SYSCALL msg=audit(1751350399.983:35): arch=c000003e syscall=439 success=yes
exit=0 a0=4 a1=7ff5ce439c40 a2=2 a3=0 items=0 ppid=885 pid=956 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=429496729
5 comm="ostree" exe="/usr/bin/ostree" subj=system_u:system_r:bootupd_t:s0 key=(n
ull)
type=AVC msg=audit(1751350399.983:35): avc: denied { write } for pid=956 comm
="ostree" name="objects" dev="vda3" ino=3145860 scontext=system_u:system_r:bootu
pd_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=dir permissive=1
----
time->Tue Jul 1 06:13:20 2025
type=PROCTITLE msg=audit(1751350400.023:37): proctitle=2F7573722F62696E2F626F6F7
4757063746C0061646F70742D616E642D757064617465002D2D776974682D7374617469632D636F6
E666967
type=PATH msg=audit(1751350400.023:37): item=0 name="/tmp" inode=25 dev=00:1f mo
de=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=NORM
AL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1751350400.023:37): cwd="/"
type=SYSCALL msg=audit(1751350400.023:37): arch=c000003e syscall=257 success=yes
exit=11 a0=ffffff9c a1=7fff042a5260 a2=490002 a3=1b6 items=1 ppid=1 pid=885 aui
d=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="bootupctl" exe="/usr/bin/bootupctl" subj=system_u:system_r:
bootupd_t:s0 key=(null)
type=AVC msg=audit(1751350400.023:37): avc: denied { write open } for pid=885
comm="bootupctl" path=2F746D702F233235202864656C6574656429 dev="tmpfs" ino=25 s
context=system_u:system_r:bootupd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclas
s=file permissive=1
type=AVC msg=audit(1751350400.023:37): avc: denied { write } for pid=885 comm
="bootupctl" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:bootupd_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=1
----
time->Tue Jul 1 06:13:20 2025
type=PROCTITLE msg=audit(1751350400.047:39): proctitle=6F737472656500636F6E66696
7002D2D7265706F3D2F737973726F6F742F6F73747265652F7265706F0073657400737973726F6F7
42E626F6F746C6F61646572006E6F6E65
type=PATH msg=audit(1751350400.047:39): item=0 name="/lib64/ld-linux-x86-64.so.2
" inode=21507666 dev=fc:03 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:ob
ject_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_froo
tid=0
type=CWD msg=audit(1751350400.047:39): cwd="/"
type=EXECVE msg=audit(1751350400.047:39): argc=6 a0="ostree" a1="config" a2="--r
epo=/sysroot/ostree/repo" a3="set" a4="sysroot.bootloader" a5="none"
type=SYSCALL msg=audit(1751350400.047:39): arch=c000003e syscall=59 success=yes
exit=0 a0=7f2904dfddc0 a1=562d34a5fe50 a2=7fff042a6f58 a3=8 items=1 ppid=885 pid
=965 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty
=(none) ses=4294967295 comm="ostree" exe="/usr/bin/ostree" subj=system_u:system_
r:bootupd_t:s0 key=(null)
type=AVC msg=audit(1751350400.047:39): avc: denied { map } for pid=965 comm="
ostree" path="/usr/bin/ostree" dev="vda3" ino=21297469 scontext=system_u:system_
r:bootupd_t:s0 tcontext=system_u:object_r:install_exec_t:s0 tclass=file permissi
ve=1
type=AVC msg=audit(1751350400.047:39): avc: denied { execute_no_trans } for p
id=965 comm="bootupctl" path="/usr/bin/ostree" dev="vda3" ino=21297469 scontext=
system_u:system_r:bootupd_t:s0 tcontext=system_u:object_r:install_exec_t:s0 tcla
ss=file permissive=1
type=AVC msg=audit(1751350400.047:39): avc: denied { open } for pid=965 comm=
"bootupctl" path="/usr/bin/ostree" dev="vda3" ino=21297469 scontext=system_u:sys
tem_r:bootupd_t:s0 tcontext=system_u:object_r:install_exec_t:s0 tclass=file perm
issive=1
type=AVC msg=audit(1751350400.047:39): avc: denied { execute } for pid=965 co
mm="bootupctl" name="ostree" dev="vda3" ino=21297469 scontext=system_u:system_r:
bootupd_t:s0 tcontext=system_u:object_r:install_exec_t:s0 tclass=file permissive
=1
----
time->Tue Jul 1 06:13:20 2025
type=PROCTITLE msg=audit(1751350400.113:42): proctitle=6F737472656500636F6E66696
7002D2D7265706F3D2F737973726F6F742F6F73747265652F7265706F0073657400737973726F6F7
42E626F6F746C6F61646572006E6F6E65
type=PATH msg=audit(1751350400.113:42): item=0 name="." inode=3132294 dev=fc:03
mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_conf_t:s0 nam
etype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1751350400.113:42): cwd="/"
type=SYSCALL msg=audit(1751350400.113:42): arch=c000003e syscall=257 success=yes
exit=7 a0=3 a1=7f76abbb9b80 a2=490001 a3=180 items=1 ppid=885 pid=965 auid=4294
967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=42
94967295 comm="ostree" exe="/usr/bin/ostree" subj=system_u:system_r:bootupd_t:s0
key=(null)
type=AVC msg=audit(1751350400.113:42): avc: denied { write } for pid=965 comm
="ostree" path=2F737973726F6F742F6F73747265652F7265706F2F23333133323239342028646
56C6574656429 dev="vda3" ino=3132294 scontext=system_u:system_r:bootupd_t:s0 tco
ntext=system_u:object_r:system_conf_t:s0 tclass=file permissive=1
----
time->Tue Jul 1 06:13:20 2025
type=PROCTITLE msg=audit(1751350400.116:44): proctitle=6F737472656500636F6E66696
7002D2D7265706F3D2F737973726F6F742F6F73747265652F7265706F0073657400737973726F6F7
42E626F6F746C6F61646572006E6F6E65
type=SYSCALL msg=audit(1751350400.116:44): arch=c000003e syscall=91 success=yes
exit=0 a0=7 a1=180 a2=0 a3=180 items=0 ppid=885 pid=965 auid=4294967295 uid=0 gi
d=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="
ostree" exe="/usr/bin/ostree" subj=system_u:system_r:bootupd_t:s0 key=(null)
type=AVC msg=audit(1751350400.116:44): avc: denied { setattr } for pid=965 co
mm="ostree" name="#3132294" dev="vda3" ino=3132294 scontext=system_u:system_r:bo
otupd_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file permissive=1
----
time->Tue Jul 1 06:13:20 2025
type=PROCTITLE msg=audit(1751350400.121:45): proctitle=6F737472656500636F6E66696
7002D2D7265706F3D2F737973726F6F742F6F73747265652F7265706F0073657400737973726F6F7
42E626F6F746C6F61646572006E6F6E65
type=PATH msg=audit(1751350400.121:45): item=1 name=(null) inode=3132294 dev=fc:
03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_conf_t:s0
nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1751350400.121:45): item=0 name=(null) inode=2117762 dev=fc:
03 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_conf_t:s0 n
ametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1751350400.121:45): cwd="/"
type=SYSCALL msg=audit(1751350400.121:45): arch=c000003e syscall=265 success=yes
exit=0 a0=ffffff9c a1=7fff1eb9b680 a2=3 a3=7fff1eb9b650 items=2 ppid=885 pid=96
5 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(n
one) ses=4294967295 comm="ostree" exe="/usr/bin/ostree" subj=system_u:system_r:b
ootupd_t:s0 key=(null)
type=AVC msg=audit(1751350400.121:45): avc: denied { link } for pid=965 comm=
"ostree" name="#3132294" dev="vda3" ino=3132294 scontext=system_u:system_r:bootu
pd_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file permissive=1
type=AVC msg=audit(1751350400.121:45): avc: denied { add_name } for pid=965 c
omm="ostree" name="#3132294" dev="vda3" ino=3132294 scontext=system_u:system_r:b
ootupd_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=dir permissive=1
----
time->Tue Jul 1 06:13:20 2025
type=PROCTITLE msg=audit(1751350400.121:46): proctitle=6F737472656500636F6E66696
7002D2D7265706F3D2F737973726F6F742F6F73747265652F7265706F0073657400737973726F6F7
42E626F6F746C6F61646572006E6F6E65
type=PATH msg=audit(1751350400.121:46): item=1 name=(null) inode=3132294 dev=fc:
03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_conf_t:s0
nametype=CREATE cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(1751350400.121:46): item=0 name=(null) inode=2117762 dev=fc:
03 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:system_conf_t:s0 n
ametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(1751350400.121:46): cwd="/"
type=SYSCALL msg=audit(1751350400.121:46): arch=c000003e syscall=264 success=yes
exit=0 a0=3 a1=7fff1eb9b650 a2=3 a3=7f76ac73d689 items=2 ppid=885 pid=965 auid=
4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) se
s=4294967295 comm="ostree" exe="/usr/bin/ostree" subj=system_u:system_r:bootupd_
t:s0 key=(null)
type=AVC msg=audit(1751350400.121:46): avc: denied { unlink } for pid=965 com
m="ostree" name="config" dev="vda3" ino=3132293 scontext=system_u:system_r:bootu
pd_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file permissive=1
type=AVC msg=audit(1751350400.121:46): avc: denied { rename } for pid=965 com
m="ostree" name="tmp.XJSOvw" dev="vda3" ino=3132294 scontext=system_u:system_r:b
ootupd_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file permissive=1
type=AVC msg=audit(1751350400.121:46): avc: denied { remove_name } for pid=96
5 comm="ostree" name="tmp.XJSOvw" dev="vda3" ino=3132294 scontext=system_u:syste
m_r:bootupd_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=dir permissi
ve=1
- is related to
-
-
- Closed
-
