RHEL-107507 (project: RHEL)

[rhel-9] avc: denied { prog_run } for pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0 tclass=bpf



      What were you trying to do that didn't work?

      Running the podman test as root triggers the following AVC denial:

      SELinux status:                 enabled
      SELinuxfs mount:                /sys/fs/selinux
      SELinux root directory:         /etc/selinux
      Loaded policy name:             targeted
      Current mode:                   enforcing
      Mode from config file:          enforcing
      Policy MLS status:              enabled
      Policy deny_unknown status:     allowed
      Memory protection checking:     actual (secure)
      Max kernel policy version:      33
      selinux-policy-38.1.62-1.el9.noarch
      ----
      time->Sun Aug  3 05:10:21 2025
      type=AVC msg=audit(1754197821.813:224): avc:  denied  { prog_run } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0 tclass=bpf permissive=0
      ----
      time->Sun Aug  3 05:10:22 2025
      type=AVC msg=audit(1754197822.468:247): avc:  denied  { prog_run } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0 tclass=bpf permissive=0
      ----
      time->Sun Aug  3 05:10:22 2025
      type=AVC msg=audit(1754197822.991:270): avc:  denied  { prog_run } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0 tclass=bpf permissive=0
      ----
      time->Sun Aug  3 05:10:23 2025
      type=AVC msg=audit(1754197823.532:293): avc:  denied  { prog_run } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0 tclass=bpf permissive=0
      ----
      time->Sun Aug  3 05:10:24 2025
      type=AVC msg=audit(1754197824.028:316): avc:  denied  { prog_run } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0 tclass=bpf permissive=0
      ----
      time->Sun Aug  3 05:10:24 2025
      type=AVC msg=audit(1754197824.534:339): avc:  denied  { prog_run } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0 tclass=bpf permissive=0
      ----
      time->Sun Aug  3 05:10:25 2025
      type=AVC msg=audit(1754197825.939:362): avc:  denied  { prog_run } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0 tclass=bpf permissive=0
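As an added illustration (not part of the report), the script below parses ausearch AVC lines like the ones above, groups denials by source type, target type, object class and permission set, and renders the allow rule that audit2allow would propose for each group; the seven denials in this report collapse to a single tuple, init_t (PID 1, systemd) refused prog_run on a bpf object labelled container_runtime_t. The sample input embeds two of the lines above plus one constructed, unrelated denial so the grouping has more than one bucket.

```python
import re
from collections import Counter
# Constructed sample: two denial lines copied from the report above, plus one
# made-up denial so that the grouping visibly keeps distinct tuples apart.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1754197821.813:224): avc:  denied  { prog_run } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0 tclass=bpf permissive=0
type=AVC msg=audit(1754197822.468:247): avc:  denied  { prog_run } for  pid=1 comm="systemd" scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0 tclass=bpf permissive=0
type=AVC msg=audit(1754197830.000:400): avc:  denied  { read write } for  pid=4242 comm="example" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file permissive=1
"""

# Fields of one AVC record; the permissive= field is optional on older kernels.
AVC_RE = re.compile(
    r'avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}'
    r'.*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)'
    r'\s+tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?'
)

def type_of(context):
    """Third field of user:role:type:level is the type named in TE rules."""
    return context.split(":")[2]

def parse_avc(line):
    """Return a dict of the AVC fields, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["perms"] = tuple(sorted(rec["perms"].split()))
    rec["permissive"] = rec["permissive"] == "1"
    return rec

def summarize(audit_text):
    """Count denials per (source type, target type, class, permissions) tuple."""
    counts = Counter()
    for line in audit_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["verdict"] == "denied":
            key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"], rec["perms"])
            counts[key] += 1
    return counts

def allow_rule(key):
    """Render the TE allow rule that audit2allow would propose for one tuple."""
    src, tgt, tclass, perms = key
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {src} {tgt}:{tclass} {perm_str};"

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_AUDIT).most_common():
        print(f"{n:3d}x  {allow_rule(key)}")
```

The rendered rule is the same one `ausearch -m AVC | audit2allow` prints on the affected host; it names the gap for the policy maintainers and is reviewed against the intended policy design rather than loaded as a local module as-is.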
      

      Please provide the package NVR for which the bug is seen:

      selinux-policy-38.1.62-1.el9.noarch

      podman-tests-5.5.1-1.el9

      How reproducible is this bug?:

      100%

      Steps to reproduce

      1. test wrapper from https://gitlab.com/redhat/centos-stream/tests/kernel/kernel-tests/-/tree/main/container/podman

      Expected results

      Actual results

              People: Lokesh Mandvekar (lmandvek), Bruno Goncalves (bgoncalv@redhat.com), Container Runtime Eng Bot, Container Runtime Bugs Bot