RHEL / RHEL-137533

AVC "allow insights_core_t iptables_t:process signal;" after upgrading RHEL9.8 to RHEL10.2


    • Bug
    • Resolution: Cannot Reproduce
    • rhel-10.2
    • insights-core
    • insights-adv-framework

      What were you trying to do that didn't work?

      After upgrading RHEL9.8 to RHEL10.2, an AVC "allow insights_core_t iptables_t:process signal;" shows up when insights-core rpm collects data by insights-client timer.

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      [root@beaver-14 ~]# rpm -qa | grep insights
      insights-core-selinux-3.6.11.1-1.el10.noarch
      insights-core-3.6.11.1-1.el10.noarch
      insights-client-3.10.2-2.el10.noarch

      How reproducible is this bug?:

      NOT 100%

      Steps to reproduce

      1. Register RHSM and insights.
      2. Upgrade RHEL-9.8.0-20251221.1 to RHEL-10.2-20251222.1.
      3. Collect data by insights-client timer.

      Expected results

      No AVC shows up when collecting data.

      Actual results

      The following AVC shows up: https://jenkins-csb-insights-fdns-main.dno.corp.redhat.com/view/InsightsCore/job/insights-core-rpm-rhel10-test/97/artifact/AVCs_for_collection_general_systemd.txt 

      ----
      type=PROCTITLE msg=audit(12/23/2025 23:12:25.413:415) : proctitle=timeout -s 9 120 /sbin/ip6tables-save
      type=OBJ_PID msg=audit(12/23/2025 23:12:25.413:415) : opid=40285 oauid=unset ouid=root oses=-1 obj=system_u:system_r:iptables_t:s0 ocomm=ip6tables-save
      type=SYSCALL msg=audit(12/23/2025 23:12:25.413:415) : arch=x86_64 syscall=kill success=no exit=EACCES(Permission denied) a0=0x9d5d a1=SIGTERM a2=0x7ffd7eecd080 a3=0x0 items=0 ppid=37070 pid=40284 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=timeout exe=/usr/bin/timeout subj=system_u:system_r:insights_core_t:s0 key=(null)
      type=AVC msg=audit(12/23/2025 23:12:25.413:415) : avc: denied { signal } for pid=40284 comm=timeout scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=0
      ----
      type=PROCTITLE msg=audit(12/23/2025 23:12:25.413:416) : proctitle=timeout -s 9 120 /sbin/ip6tables-save
      type=OBJ_PID msg=audit(12/23/2025 23:12:25.413:416) : opid=40285 oauid=unset ouid=root oses=-1 obj=system_u:system_r:iptables_t:s0 ocomm=ip6tables-save
      type=OBJ_PID msg=audit(12/23/2025 23:12:25.413:416) : opid=40284 oauid=unset ouid=root oses=-1 obj=system_u:system_r:insights_core_t:s0 ocomm=timeout
      type=SYSCALL msg=audit(12/23/2025 23:12:25.413:416) : arch=x86_64 syscall=kill success=yes exit=0 a0=0x0 a1=SIGTERM a2=0x0 a3=0x8 items=0 ppid=37070 pid=40284 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=timeout exe=/usr/bin/timeout subj=system_u:system_r:insights_core_t:s0 key=(null)
      type=AVC msg=audit(12/23/2025 23:12:25.413:416) : avc: denied { signal } for pid=40284 comm=timeout scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=0
      ----
      type=PROCTITLE msg=audit(12/23/2025 23:12:25.413:417) : proctitle=timeout -s 9 120 /sbin/ip6tables-save
      type=OBJ_PID msg=audit(12/23/2025 23:12:25.413:417) : opid=40285 oauid=unset ouid=root oses=-1 obj=system_u:system_r:iptables_t:s0 ocomm=ip6tables-save
      type=SYSCALL msg=audit(12/23/2025 23:12:25.413:417) : arch=x86_64 syscall=kill success=no exit=EACCES(Permission denied) a0=0x9d5d a1=SIGCONT a2=0x0 a3=0x8 items=0 ppid=37070 pid=40284 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=timeout exe=/usr/bin/timeout subj=system_u:system_r:insights_core_t:s0 key=(null)
      type=AVC msg=audit(12/23/2025 23:12:25.413:417) : avc: denied { signal } for pid=40284 comm=timeout scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=0
      ----
      type=PROCTITLE msg=audit(12/23/2025 23:12:25.413:418) : proctitle=timeout -s 9 120 /sbin/ip6tables-save
      type=OBJ_PID msg=audit(12/23/2025 23:12:25.413:418) : opid=40285 oauid=unset ouid=root oses=-1 obj=system_u:system_r:iptables_t:s0 ocomm=ip6tables-save
      type=OBJ_PID msg=audit(12/23/2025 23:12:25.413:418) : opid=40284 oauid=unset ouid=root oses=-1 obj=system_u:system_r:insights_core_t:s0 ocomm=timeout
      type=SYSCALL msg=audit(12/23/2025 23:12:25.413:418) : arch=x86_64 syscall=kill success=yes exit=0 a0=0x0 a1=SIGCONT a2=0x0 a3=0x8 items=0 ppid=37070 pid=40284 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=timeout exe=/usr/bin/timeout subj=system_u:system_r:insights_core_t:s0 key=(null)
      type=AVC msg=audit(12/23/2025 23:12:25.413:418) : avc: denied { signal } for pid=40284 comm=timeout scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=0
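For triage of records like those above, the following added example (not part of the original report and not insights-core code) groups interpreted audit records by event serial, decodes the `kill` pid argument, and derives the allow rule named in the issue title. The sample input is constructed from events 415 and 416 on this page, trimmed to the fields the parser uses; the function and variable names are hypothetical.

```python
import re

# Constructed sample: events 415 and 416 from the page, trimmed to the fields parsed below.
SAMPLE = """\
----
type=OBJ_PID msg=audit(12/23/2025 23:12:25.413:415) : opid=40285 obj=system_u:system_r:iptables_t:s0 ocomm=ip6tables-save
type=SYSCALL msg=audit(12/23/2025 23:12:25.413:415) : syscall=kill success=no exit=EACCES(Permission denied) a0=0x9d5d a1=SIGTERM comm=timeout
type=AVC msg=audit(12/23/2025 23:12:25.413:415) : avc: denied { signal } for pid=40284 comm=timeout scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=0
----
type=OBJ_PID msg=audit(12/23/2025 23:12:25.413:416) : opid=40285 obj=system_u:system_r:iptables_t:s0 ocomm=ip6tables-save
type=OBJ_PID msg=audit(12/23/2025 23:12:25.413:416) : opid=40284 obj=system_u:system_r:insights_core_t:s0 ocomm=timeout
type=SYSCALL msg=audit(12/23/2025 23:12:25.413:416) : syscall=kill success=yes exit=0 a0=0x0 a1=SIGTERM comm=timeout
type=AVC msg=audit(12/23/2025 23:12:25.413:416) : avc: denied { signal } for pid=40284 comm=timeout scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=process permissive=0
"""

RECORD = re.compile(r"type=(\w+) msg=audit\([^)]*:(\d+)\) : (.*)")
FIELD = re.compile(r"(\w+)=(\S+)")

def summarize(text):
    """Group records by audit event serial; return {serial: summary dict}."""
    events = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # "----" separators and blank lines
        rtype, serial, body = m.groups()
        ev = events.setdefault(int(serial), {"targets": {}})
        f = dict(FIELD.findall(body))
        if rtype == "OBJ_PID":  # one record per process the signal was aimed at
            ev["targets"][int(f["opid"])] = f["ocomm"]
        elif rtype == "SYSCALL":  # a0 is kill()'s pid argument; 0 = caller's process group
            ev.update(pid_arg=int(f["a0"], 16), signal=f["a1"], success=f["success"])
        elif rtype == "AVC":
            perms = re.search(r"\{ ([^}]*) \}", body).group(1)
            if " " in perms:  # several permissions need braces in policy syntax
                perms = "{ " + perms + " }"
            src, tgt = (f[k].split(":")[2] for k in ("scontext", "tcontext"))
            ev["rule"] = f"allow {src} {tgt}:{f['tclass']} {perms};"
    return events

if __name__ == "__main__":
    for serial, ev in summarize(SAMPLE).items():
        print(serial, ev["signal"], ev["pid_arg"], ev["success"], ev["targets"], ev["rule"])
```

On the sample, event 415 is a direct `kill` of pid 40285 (`ip6tables-save`) that fails with EACCES, while event 416 is a process-group `kill` (pid argument 0) that returns success yet still logs the same denial for the `iptables_t` target.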
      
      

              rhn-support-xialiu Xiangce Liu
              qianzhan@redhat.com Qianqian Zhang