-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
rhel-10.2
-
None
-
Yes
-
Moderate
-
rhel-virt-networking-passt-pasta
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
What were you trying to do that didn't work?
As subject
What is the impact of this issue to you?
AVC denials
Please provide the package NVR for which the bug is seen:
passt-0^20251210.gd04c480-2.el10.x86_64
selinux-policy-42.1.14-1.el10.noarch
curl-8.12.1-2.el10.x86_64
How reproducible is this bug?: 100%
Steps to reproduce
$ pasta --config-net -- curl https://google.com/ No interfaces with usable IPv6 routes IPv6: no external interface as template, use local mode IPv6 not supported, disabling <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="https://www.google.com/">here</A>. </BODY></HTML>
AVC denial:
type=AVC msg=audit(1768896517.927:7219): avc: denied { search } for pid=954633 comm="pasta.avx2" name=".local" dev="dm-0" ino=2885681576 scontext=unconfined_u:unconfined_r:pasta_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:gconf_home_t:s0 tclass=dir permissive=0
Expected results
NO AVC
Actual results
As above
Reproduced on fedora-rawhide sometimes as well. Version:
passt-0^20260117.g81c97f6-1.fc44.x86_64
selinux-policy-42.21-1.fc44.noarch
curl-8.18.0-1.fc44.x86_64
