RHEL-128460

AVC for "allow insights_core_t rhsmcertd_var_run_t:dir write;"


    • Bug
    • Resolution: Unresolved
    • rhel-10.2
    • insights-core
    • insights-core-3.6.10.1-1.el10
    • Moderate
    • insights-adv-framework

      What were you trying to do that didn't work?

      AVC for "allow insights_core_t rhsmcertd_var_run_t:dir write;" shows up.

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      Use the insights-core/insights-core-selinux in https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=69434915, which is for bug RHEL-126369. RHEL-126369 is verified, and the rpm fix unblocks this new AVC.

      [root@kvm-08-guest39 ~]# rpm -qa | grep insights
      insights-core-selinux-3.6.9.1-master.20.el10.noarch
      insights-core-3.6.9.1-master.20.el10.noarch
      insights-client-3.10.2-1.el10.noarch
      insights-client-ros-3.10.2-1.el10.noarch

      How reproducible is this bug?:

      always

      Steps to reproduce

      1. Use systemd to collect data

      [root@kvm-08-guest39 ~]# date +'%Y-%m-%d %H:%M' --date='3 minutes'
      2025-11-13 22:08
      [root@kvm-08-guest39 ~]# vi /usr/lib/systemd/system/insights-client.timer
      [root@kvm-08-guest39 ~]# systemctl daemon-reload
      [root@kvm-08-guest39 ~]# systemctl restart insights-client.timer
      [root@kvm-08-guest39 ~]# sleep 3m

      2. Check avc, and the following avc shows up:

      
      ----
      type=PROCTITLE msg=audit(11/13/2025 21:32:31.656:2090) : proctitle=/usr/bin/python3 /usr/lib/python3.12/site-packages/insights_client/run.py
      type=PATH msg=audit(11/13/2025 21:32:31.656:2090) : item=0 name=/run/rhsm/ inode=1496 dev=00:1b mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:rhsmcertd_var_run_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
      type=CWD msg=audit(11/13/2025 21:32:31.656:2090) : cwd=/
      type=SYSCALL msg=audit(11/13/2025 21:32:31.656:2090) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f7a1a240b50 a2=O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC a3=0x1b6 items=1 ppid=211193 pid=211216 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=python3 exe=/usr/bin/python3.12 subj=system_u:system_r:insights_core_t:s0 key=(null)
      type=AVC msg=audit(11/13/2025 21:32:31.656:2090) : avc:  denied  { write } for  pid=211216 comm=python3 name=rhsm dev="tmpfs" ino=1496 scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:object_r:rhsmcertd_var_run_t:s0 tclass=dir permissive=0

      Expected results

      No avc for insights-core.

      Actual results

      AVC for "allow insights_core_t rhsmcertd_var_run_t:dir write;" shows up
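Added example, not part of the original report or of insights-core: a small triage script that groups the interpreted audit records above by event serial, derives the allow rule the denial maps to, and pulls the syscall and path context from the same event. The function names and the shortened `SAMPLE` text are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the records from this report, shortened to the fields used below.
SAMPLE = """\
type=PATH msg=audit(11/13/2025 21:32:31.656:2090) : item=0 name=/run/rhsm/ inode=1496 obj=system_u:object_r:rhsmcertd_var_run_t:s0 nametype=PARENT
type=SYSCALL msg=audit(11/13/2025 21:32:31.656:2090) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a2=O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC comm=python3 exe=/usr/bin/python3.12 subj=system_u:system_r:insights_core_t:s0
type=AVC msg=audit(11/13/2025 21:32:31.656:2090) : avc:  denied  { write } for  pid=211216 comm=python3 name=rhsm dev="tmpfs" ino=1496 scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:object_r:rhsmcertd_var_run_t:s0 tclass=dir permissive=0
"""

HEADER = re.compile(r"^type=(\w+) msg=audit\((.*?):(\d+)\) : (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")

def group_events(text):
    """Group audit records by event serial number: {serial: {record_type: fields}}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip "----" separators and blank lines
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            fields["perms"] = PERMS.search(body).group(1).split()
        events[serial][rtype] = fields
    return dict(events)

def summarize(event):
    """Return the allow rule a denial maps to, plus syscall and path context."""
    avc = event["AVC"]
    stype = avc["scontext"].split(":")[2]  # context is user:role:type:level
    ttype = avc["tcontext"].split(":")[2]
    perms = avc["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    sc, path = event.get("SYSCALL", {}), event.get("PATH", {})
    return {
        "rule": f"allow {stype} {ttype}:{avc['tclass']} {perm_str};",
        "enforced": avc.get("permissive") == "0",  # 0 means the access was blocked
        "syscall": sc.get("syscall"),
        "creating": "O_CREAT" in sc.get("a2", "").split("|"),
        "path": path.get("name"),
        "nametype": path.get("nametype"),
        "exe": sc.get("exe"),
    }

if __name__ == "__main__":
    for serial, ev in group_events(SAMPLE).items():
        print(serial, summarize(ev))
```

For the event in this report, the summary pairs the denied `write` on the directory with an `openat` call carrying `O_CREAT` and a `PARENT` path record for `/run/rhsm/`.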

              rhn-support-xialiu Xiangce Liu
              qianzhan@redhat.com Qianqian Zhang