- Bug
- Resolution: Unresolved
- Blocker
- CentOS Stream 10
- passt-0^20251210.gd04c480-2.el10
- Yes
- Critical
- 1
- rhel-virt-networking-passt-pasta
- 5
- False
- False
- VIRT-PASST-CY25-Dec-22-Sprint4
- x86_64
What were you trying to do that didn't work?
Tried to restart a user container with an SELinux quadlet after the passt upgrade.
What is the impact of this issue to you?
Containers fail to start.
Please provide the package NVR for which the bug is seen:
passt-selinux-0^20251210.gd04c480-1.el10
How reproducible is this bug?:
Always.
Steps to reproduce
- sudo dnf upgrade passt
- sudo machinectl shell user@
- systemctl --user restart usercontainer.service
Expected results
Successfully restarted usercontainer.service
Actual results
After sudo setenforce 0, the restart works, with these AVCs:
type=AVC msg=audit(1765925816.168:248726): avc: denied { read } for pid=3149539 comm="pasta.avx2" name="netns" dev="tmpfs" ino=50 scontext=unconfined_u:unconfined_r:pasta_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1765925816.168:248727): avc: denied { watch } for pid=3149539 comm="pasta.avx2" path="/run/user/1005/netns" dev="tmpfs" ino=50 scontext=unconfined_u:unconfined_r:pasta_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
With SELinux enforcing, the container fails to start.
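As an added diagnostic example (not code from this report or from the passt project), the following Python parses audit AVC records like the two quoted above and aggregates the denied permissions per source type, target type and object class, so that a set of denials collected in permissive mode can be read as "what pasta_t would be blocked from doing once enforcing is back on". The sample log is constructed from the report's two lines, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two AVC records quoted in the bug report above.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1765925816.168:248726): avc: denied { read } for pid=3149539 comm="pasta.avx2" name="netns" dev="tmpfs" ino=50 scontext=unconfined_u:unconfined_r:pasta_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1765925816.168:248727): avc: denied { watch } for pid=3149539 comm="pasta.avx2" path="/run/user/1005/netns" dev="tmpfs" ino=50 scontext=unconfined_u:unconfined_r:pasta_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir permissive=1
"""

# Matches the fields of an "avc: denied" record; permissive= is optional
# because older kernels omit it.
AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+'
    r'tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?'
)

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # A context is user:role:type[:range]; the SELinux type is the third field.
    src_type = m.group("scontext").split(":")[2]
    tgt_type = m.group("tcontext").split(":")[2]
    return {
        "perms": set(m.group("perms").split()),
        "source": src_type,
        "target": tgt_type,
        "tclass": m.group("tclass"),
        # permissive=1 means the access was logged but still allowed.
        "permissive": m.group("permissive") == "1",
    }

def summarize_denials(log_text):
    """Aggregate denied permissions per (source type, target type, object class)."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            summary[(rec["source"], rec["target"], rec["tclass"])] |= rec["perms"]
    return dict(summary)

def pasta_netns_denials(log_text):
    """Permissions pasta_t was denied on the user_tmp_t directory (the netns dir)."""
    summary = summarize_denials(log_text)
    return sorted(summary.get(("pasta_t", "user_tmp_t", "dir"), set()))

if __name__ == "__main__":
    print(pasta_netns_denials(SAMPLE_AUDIT_LOG))  # ['read', 'watch']
```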
- is cloned by: RHEL-137588 pasta selinux policy prevents podman user container networking [rhel-9]
- Integration
- links to: RHBA-2025:157241 passt update