  1. RHEL
  2. RHEL-142141

AVC for "allow insights_core_t tmpfs_t:file write;"


    • Bug
    • Resolution: Unresolved
    • rhel-9.8.z
    • rhel-9.8
    • insights-core
    • insights-adv-framework

      What were you trying to do that didn't work?

      An AVC happens with the insights-core rpm.

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      On compose RHEL-9.8.0-20260117.1, the related components:

      [root@kvm-02-guest12 ~]# rpm -qa | egrep "insights|selinux-policy"
      selinux-policy-38.1.71-1.el9.noarch
      selinux-policy-targeted-38.1.71-1.el9.noarch
      insights-core-selinux-3.7.1.2-2.el9.noarch
      insights-core-3.7.1.2-2.el9.noarch
      insights-client-3.9.3-1.el9.noarch

      How reproducible is this bug?: 100%

      Steps to reproduce

      1. Make sure tuned and bc are installed.
      2. Reboot the machine
      3. Run "runcon system_u:system_r:insights_core_t:s0 tuned-adm list".
      4. Check AVC:
      ----
      type=PROCTITLE msg=audit(01/19/2026 00:03:06.326:434) : proctitle=/usr/bin/python3 -Es /usr/sbin/tuned-adm list
      type=SYSCALL msg=audit(01/19/2026 00:03:06.326:434) : arch=x86_64 syscall=write success=no exit=EACCES(Permission denied) a0=0x5 a1=0x7ffecc6f5710 a2=0x1000 a3=0x0 items=0 ppid=6793 pid=6794 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=tuned-adm exe=/usr/bin/python3.9 subj=system_u:system_r:insights_core_t:s0 key=(null)
      type=AVC msg=audit(01/19/2026 00:03:06.326:434) : avc: denied { write } for pid=6794 comm=tuned-adm path=/memfd:libffi (deleted) dev="tmpfs" ino=15 scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=0
      ----
      type=PROCTITLE msg=audit(01/19/2026 00:03:06.343:435) : proctitle=/usr/bin/python3 -Es /usr/sbin/tuned-adm list
      type=SYSCALL msg=audit(01/19/2026 00:03:06.343:435) : arch=x86_64 syscall=write success=no exit=EACCES(Permission denied) a0=0x5 a1=0x7ffecc6f5080 a2=0x1000 a3=0x0 items=0 ppid=6793 pid=6794 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=tuned-adm exe=/usr/bin/python3.9 subj=system_u:system_r:insights_core_t:s0 key=(null)
      type=AVC msg=audit(01/19/2026 00:03:06.343:435) : avc: denied { write } for pid=6794 comm=tuned-adm path=/memfd:libffi (deleted) dev="tmpfs" ino=15 scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=0

      Expected results

      No AVC happens when doing data collection.

      Actual results

      The above AVC happens.

              rhn-support-xialiu Xiangce Liu
              qianzhan@redhat.com Qianqian Zhang
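
Added example, not part of the original report and not insights-core or selinux-policy code: a small Python parser for the `type=AVC` lines quoted in step 4 that collapses the repeated denials into the rule named in the issue title. The names `parse_avc`, `allow_rules` and `SAMPLE` are hypothetical, and the sample is constructed from the two AVC lines above; the derived rule describes what was denied, not what policy should grant.

```python
import re
from collections import defaultdict

# Constructed sample: the two type=AVC lines from step 4 of the report.
SAMPLE = """\
type=AVC msg=audit(01/19/2026 00:03:06.326:434) : avc: denied { write } for pid=6794 comm=tuned-adm path=/memfd:libffi (deleted) dev="tmpfs" ino=15 scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=0
type=AVC msg=audit(01/19/2026 00:03:06.343:435) : avc: denied { write } for pid=6794 comm=tuned-adm path=/memfd:libffi (deleted) dev="tmpfs" ino=15 scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file permissive=0
"""

# Tolerates the "\{" escaping that issue trackers sometimes add to pasted logs.
AVC_RE = re.compile(r"avc:\s+denied\s+\\?\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = m.group("fields")
    def field(name, pat=r"(\S+)"):
        hit = re.search(rf"\b{name}={pat}", f)
        return hit.group(1).strip('"') if hit else None
    path = field("path", r"(.*?)\s+dev=")  # path may contain spaces: "... (deleted)"
    return {
        "perms": m.group("perms").split(),
        "source": field("scontext").split(":")[2],   # user:role:type:level
        "target": field("tcontext").split(":")[2],
        "tclass": field("tclass"),
        "comm": field("comm"),
        "path": path,
        "memfd": bool(path) and path.startswith("/memfd:"),  # memfd_create() file
        "enforced": field("permissive") == "0",
    }

def allow_rules(text):
    """Collapse repeated denials into one rule per (source, target, class)."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            grouped[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_s = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_s};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE)))
```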