Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-132638

SELinux prevents systemd from mmap-ping of the /sys/kernel/btf/vmlinux file

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • No
    • Important
    • 1
    • rhel-security-selinux
    • 0.5
    • QE ack
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • SELINUX 251223: 16
    • None
    • Automated
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      We encountered this avc denial, resulting in an osci.installability failure:

      ----
type=AVC msg=audit(12/02/2025 10:26:13.107:827) : avc:  denied  { map } for  pid=1 comm=systemd path=/sys/kernel/btf/vmlinux dev="sysfs" ino=1209 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0 
----
type=AVC msg=audit(12/02/2025 10:26:13.397:834) : avc:  denied  { map } for  pid=1 comm=systemd path=/sys/kernel/btf/vmlinux dev="sysfs" ino=1209 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0

      https://artifacts.osci.redhat.com/testing-farm/dd0bef38-f77d-4a8e-ae68-30cf02041140/

      Seems to happen on aarch64 only.

      The compose in question has selinux-policy-42.1.12-1.el10, systemd-257-16.el10, kernel-6.12.0-165.el10: http://download-01.beak-001.prod.iad2.dc.redhat.com/odcs/prod/odcs-4523602

      ashankar@redhat.com for awareness.

        1. perfdata.txt
          2 kB

              rhn-support-zpytela Zdenek Pytela
              fweimer@redhat.com Florian Weimer
              Zdenek Pytela Zdenek Pytela
              Milos Malik Milos Malik
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated: