- Bug
- Resolution: Done-Errata
- Minor
- rhel-8.9.0
- selinux-policy-3.14.3-132.el8
- rhel-sst-security-selinux
- ssg_security
- 14
- QE ack, Dev ack
- No
- Pass
- Automated
- Release Note Not Required
- All
What were you trying to do that didn't work?
The auditd man page contains the following section:
SIGCONT causes auditd to dump a report of internal state to /var/run/auditd.state.
I wanted to know whether the file gets a correct SELinux label during its creation (result: it does) and whether the restorecon command changes the label (result: unfortunately it does).
Please provide the package NVR for which the bug is seen:
audit-3.0.7-5.el8.x86_64
audit-libs-3.0.7-5.el8.x86_64
selinux-policy-3.14.3-128.el8.noarch
selinux-policy-targeted-3.14.3-128.el8.noarch
How reproducible:
always
Steps to reproduce
- service auditd start
- kill -SIGCONT `pgrep ^auditd`
- restorecon -v /var/run/auditd.state
  Relabeled /run/auditd.state from system_u:object_r:auditd_var_run_t:s0 to system_u:object_r:var_run_t:s0
- kill -SIGCONT `pgrep ^auditd`
Expected results
The /var/run/auditd.state file is labeled correctly and no SELinux denials appear.
Actual results
The /var/run/auditd.state file is mislabeled and the following SELinux denial appears:
---- type=AVC msg=audit(10/20/2023 11:06:05.721:308) : avc: denied { write } for pid=5494 comm=auditd name=auditd.state dev="tmpfs" ino=36934 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0 ----
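As an added triage example (not part of this report or of the selinux-policy project), the following Python parses the AVC record and the restorecon -v line quoted above and flags the pattern behind this bug: restorecon resetting a daemon-private file to a generic type such as var_run_t, followed by a denial for the daemon on that same file. The sample lines are copied from the report and the GENERIC_TYPES set is an assumption of the example.

```python
import re
# Constructed inputs: the AVC record and the restorecon -v line quoted in this report.
AVC_LINE = ("type=AVC msg=audit(10/20/2023 11:06:05.721:308) : avc: denied { write } for "
            "pid=5494 comm=auditd name=auditd.state dev=\"tmpfs\" ino=36934 "
            "scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:object_r:var_run_t:s0 "
            "tclass=file permissive=0")
RESTORECON_LINE = ("Relabeled /run/auditd.state from system_u:object_r:auditd_var_run_t:s0 "
                   "to system_u:object_r:var_run_t:s0")

# Generic directory types a daemon-private file should never end up with (assumed list).
GENERIC_TYPES = {"var_run_t", "var_t", "var_lib_t", "var_log_t", "tmp_t"}
AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
RELABEL_RE = re.compile(r"Relabeled (?P<path>\S+) from (?P<old>\S+) to (?P<new>\S+)")

def context_type(ctx):
    """Type field of a user:role:type:level context, e.g. 'var_run_t'."""
    return ctx.split(":")[2]

def parse_avc(line):
    """Parse an ausearch -i AVC line into a dict of fields; None if not an AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["perms"] = m.group("perms").split()
    return rec

def mislabel_suspect(rec):
    """Denial on a file carrying a generic type: the mark of a missing file_contexts entry."""
    return (rec is not None and rec.get("tclass") == "file"
            and context_type(rec["tcontext"]) in GENERIC_TYPES)

def parse_relabel(line):
    """Parse one 'restorecon -v' line into path plus old/new types; None otherwise."""
    m = RELABEL_RE.search(line)
    if not m:
        return None
    return {"path": m.group("path"), "old": context_type(m.group("old")),
            "new": context_type(m.group("new"))}

def relabel_to_generic(change):
    """True when restorecon replaced a daemon-specific type with a generic one."""
    return (change is not None and change["new"] in GENERIC_TYPES
            and change["old"] not in GENERIC_TYPES)

def triage(avc_lines, restorecon_lines):
    """Paths downgraded by restorecon that a later AVC denial on the same file corroborates."""
    denied = {r.get("name") for r in map(parse_avc, avc_lines) if mislabel_suspect(r)}
    return [c["path"] for c in map(parse_relabel, restorecon_lines)
            if relabel_to_generic(c) and c["path"].rsplit("/", 1)[-1] in denied]
```

Feeding `ausearch -i -m AVC` output and a saved `restorecon -vn` dry run into `triage` lists the paths whose default context needs a file_contexts entry before the real relabel is run.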
- clones: RHEL-14374 default label for /var/run/auditd.state file is not correct (Closed)
- links to: RHBA-2023:121335 selinux-policy bug fix and enhancement update