Bug
Resolution: Unresolved
Minor
rhel-10.2
rhel-security-selinux
What were you trying to do that didn't work?
AVC denial when running stress-ng on recent rhel-10.2 composes.
type=PROCTITLE msg=audit(09/19/25 07:17:48.379:1931) : proctitle=/opt/stress-ng/stress-ng --resources 1 --timeout 5 --log-file resources.log
type=SYSCALL msg=audit(09/19/25 07:17:48.379:1931) : arch=x86_64 syscall=ftruncate success=no exit=EACCES(Permission denied) a0=0xa a1=0x1000 a2=0x7fad7ee359f6 a3=0x9 items=0 ppid=483317 pid=483538 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=65 comm=stress-ng exe=/opt/stress-ng/stress-ng subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(09/19/25 07:17:48.379:1931) : avc: denied { write } for pid=483538 comm=stress-ng name=secretmem dev="secretmem" ino=6701213 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:secretmem_t:s0 tclass=anon_inode permissive=0
Please provide the package NVR for which the bug is seen:
audit-4.0.3-4.el10.x86_64
selinux-policy-42.1.7-1.el10.noarch
How reproducible is this bug?:
It should be easy to reproduce by running stress-ng.
Steps to reproduce
- stress-ng wrapper: https://gitlab.com/redhat/centos-stream/tests/kernel/kernel-tests/-/tree/main/stress/stress-ng?ref_type=heads
- example: https://artifacts.osci.redhat.com/testing-farm/8a8ad8b1-acbb-47cd-8702-5bed3d9e52e9/#work-baremetal1fcvmkzn_plans-upstream-kernel-tier1-baremetal_5_default-0
- CKI tracker: https://datawarehouse.cki-project.org/issue/4185
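
A triage helper for the denial reported above, added here as an example and not part of the original report: it groups interpreted audit records by event serial, extracts the access vector from each AVC record, and builds a `sesearch` query to check whether the loaded policy allows that access. The function names and the trimmed sample records are assumptions of this example.

```python
import re
from collections import defaultdict

# Trimmed copies of the SYSCALL and AVC records from the report (unused fields dropped).
SAMPLE = (
    'type=SYSCALL msg=audit(09/19/25 07:17:48.379:1931) : arch=x86_64 syscall=ftruncate '
    'success=no exit=EACCES(Permission denied) pid=483538 comm=stress-ng '
    'exe=/opt/stress-ng/stress-ng\n'
    'type=AVC msg=audit(09/19/25 07:17:48.379:1931) : avc: denied { write } for '
    'pid=483538 comm=stress-ng name=secretmem dev="secretmem" ino=6701213 '
    'scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:secretmem_t:s0 tclass=anon_inode permissive=0\n'
)

RECORD = re.compile(r"^type=(\w+) msg=audit\(([^)]*):(\d+)\) : (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}")

def summarize_denials(text):
    """Group records by audit event serial and describe every AVC denial."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            events[m.group(3)].append((m.group(1), m.group(4)))
    out = []
    for serial, recs in events.items():
        # The SYSCALL record of the same event names the call that was refused.
        sc = dict(FIELD.findall(next((b for t, b in recs if t == "SYSCALL"), "")))
        for body in (b for t, b in recs if t == "AVC"):
            avc = AVC.search(body)
            if not avc or avc.group(1) != "denied":
                continue
            f = {k: v.strip('"') for k, v in FIELD.findall(body)}
            out.append({
                "serial": int(serial),
                "syscall": sc.get("syscall"),
                "exit": (sc.get("exit") or "").split("(")[0] or None,
                "perms": avc.group(2).split(),
                "source_type": f["scontext"].split(":")[2],  # user:role:type:level
                "target_type": f["tcontext"].split(":")[2],
                "tclass": f["tclass"],
                "enforced": f.get("permissive") == "0",
            })
    return out

def sesearch_query(d):
    """Command that checks whether the loaded policy already allows this access."""
    return "sesearch -A -s {source_type} -t {target_type} -c {tclass} -p {p}".format(
        p=",".join(d["perms"]), **d)
```
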