-
Bug
-
Resolution: Cannot Reproduce
-
Major
-
None
-
None
-
No
-
Moderate
-
subs-client-tools
-
3
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
This bug happens with selinux-policy-41.38-1.fc43:
#============= insights_core_t ==============
- src=“insights_core_t” tgt=“user_tmp_t” class=“sock_file”, perms=“write”
- comm=“pg-connect-ag” exe=“” path=“”
allow insights_core_t user_tmp_t:sock_file write;
type=PROCTITLE msg=audit(04/23/2025 21:20:33.143:121) : proctitle=gpg-connect-agent --homedir /var/lib/insights/tmpx554n3h7 -s --no-autostart GETINFO tpm2d_running /if ${! $?} scd killtpm2cd /en
type=PATH msg=audit(04/23/2025 21:20:33.143:121) : item=0 name=/run/user/0/gnupg/d.yfe5giqwonnmxmhjrkfa1df6/S.gpg-agent inode=51 dev=00:2d mode=socket,700 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(04/23/2025 21:20:33.143:121) : cwd=/
type=SOCKADDR msg=audit(04/23/2025 21:20:33.143:121) : saddr={ saddr_fam=local path=/run/user/0/gnupg/d.yfe5giqwonnmxmhjrkfa1df6/S.gpg-agent }
type=SYSCALL msg=audit(04/23/2025 21:20:33.143:121) : arch=x86_64 syscall=connect success=no exit=EACCES(Permission denied) a0=0x3 a1=0x7ffff0ad67b0 a2=0x3a a3=0x0 items=1 ppid=1570 pid=1572 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gpg-connect-age exe=/usr/bin/gpg-connect-agent subj=system_u:system_r:insights_core_t:s0 key=(null)
type=AVC msg=audit(04/23/2025 21:20:33.143:121) : avc: denied { write } for pid=1572 comm=gpg-connect-age name=S.gpg-agent dev=“tmpfs” ino=51 scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=sock_file permissive=0
type=PROCTITLE msg=audit(04/23/2025 21:20:33.146:122) : proctitle=gpg-connect-agent --homedir /var/lib/insights/tmpx554n3h7 -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end
type=PATH msg=audit(04/23/2025 21:20:33.146:122) : item=0 name=/run/user/0/gnupg/d.yfe5giqwonnmxmhjrkfa1df6/S.gpg-agent inode=51 dev=00:2d mode=socket,700 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(04/23/2025 21:20:33.146:122) : cwd=/
type=SOCKADDR msg=audit(04/23/2025 21:20:33.146:122) : saddr={ saddr_fam=local path=/run/user/0/gnupg/d.yfe5giqwonnmxmhjrkfa1df6/S.gpg-agent }
type=SYSCALL msg=audit(04/23/2025 21:20:33.146:122) : arch=x86_64 syscall=connect success=no exit=EACCES(Permission denied) a0=0x3 a1=0x7fffb4db5dd0 a2=0x3a a3=0x0 items=1 ppid=1570 pid=1573 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gpg-connect-age exe=/usr/bin/gpg-connect-agent subj=system_u:system_r:insights_core_t:s0 key=(null)
type=AVC msg=audit(04/23/2025 21:20:33.146:122) : avc: denied { write } for pid=1573 comm=gpg-connect-age name=S.gpg-agent dev=“tmpfs” ino=51 scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=sock_file permissive=0
type=PROCTITLE msg=audit(04/23/2025 21:20:33.148:123) : proctitle=gpg-connect-agent --homedir /var/lib/insights/tmpx554n3h7 --no-autostart KILLAGENT
type=PATH msg=audit(04/23/2025 21:20:33.148:123) : item=0 name=/run/user/0/gnupg/d.yfe5giqwonnmxmhjrkfa1df6/S.gpg-agent inode=51 dev=00:2d mode=socket,700 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:user_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(04/23/2025 21:20:33.148:123) : cwd=/
type=SOCKADDR msg=audit(04/23/2025 21:20:33.148:123) : saddr={ saddr_fam=local path=/run/user/0/gnupg/d.yfe5giqwonnmxmhjrkfa1df6/S.gpg-agent }
type=SYSCALL msg=audit(04/23/2025 21:20:33.148:123) : arch=x86_64 syscall=connect success=no exit=EACCES(Permission denied) a0=0x3 a1=0x7ffedfcdd3b0 a2=0x3a a3=0x0 items=1 ppid=1570 pid=1574 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gpg-connect-age exe=/usr/bin/gpg-connect-agent subj=system_u:system_r:insights_core_t:s0 key=(null)
type=AVC msg=audit(04/23/2025 21:20:33.148:123) : avc: denied { write } for pid=1574 comm=gpg-connect-age name=S.gpg-agent dev=“tmpfs” ino=51 scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:object_r:user_tmp_t:s0 tclass=sock_file permissive=0