RHEL-136432

SELinux AVC denials for systemd (kernel_t) during boot-up initialization


    • Bug
    • Resolution: Unresolved
    • rhel-10.2
    • selinux-policy
    • rhel-security-selinux

      What were you trying to do that didn't work?

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      RHEL-10.2-20251215.0

      How reproducible is this bug?:

      Steps to reproduce

      1. Provision the latest 10.2 compose to storageqe-86.lab.eng.brq2.redhat.com
      2. https://beaker.engineering.redhat.com/jobs/12077127
      3. https://beaker.engineering.redhat.com/recipes/20249681/logs/console.log

      Expected results

      No such avc denials

      Actual results

      systemd[1]: Successfully loaded SELinux policy in 186.998ms.
      audit: type=1400 audit(1765936030.649:3): avc:  denied  { write } for  pid=1 comm="systemd" name="core_pattern" dev="proc" ino=2055 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:usermodehelper_t:s0 tclass=file permissive=1
      audit: type=1400 audit(1765936030.649:4): avc:  denied  { read } for  pid=1 comm="systemd" name="net" dev="proc" ino=4026531845 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=lnk_file permissive=1
      audit: type=1400 audit(1765936030.650:5): avc:  denied  { relabelto } for  pid=1 comm="systemd" name="vga_arbiter" dev="devtmpfs" ino=2 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=1
      audit: type=1400 audit(1765936030.650:6): avc:  denied  { relabelto } for  pid=1 comm="systemd" name="mem" dev="devtmpfs" ino=3 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file permissive=1
      audit: type=1400 audit
      systemd[1]: systemd 257-16.el10-ge667c4e running in system mode (+PAM +AUDIT +SELINUX -APPARMOR +IMA +IPE +SMACK +SECCOMP -GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN -IPTC +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +BTF +XKBCOMMON +UTMP +SYSVINIT +LIBARCHIVE)
      Welcome to Red Hat Enterprise Linux 10.2 Beta (Coughlan)

              rhn-support-zpytela Zdenek Pytela
              rhn-support-zguo Zhaojuan Guo
              SSG Security QE