RHEL-143981

Missing SELinux file context for usbguard.pid


    • Bug
    • Resolution: Unresolved
    • rhel-10.3
    • rhel-9.8
    • usbguard
    • rhel-security-special-projects

      What were you trying to do that didn't work?

      Verify SELinux file contexts for the usbguard daemon - type usbguard_var_run_t.
      The test fails because /run/usbguard.pid remains unlabeled.

      Please provide the package NVR for which the bug is seen:

      usbguard-1.1.4-2.el9

      usbguard-selinux-1.1.4-2.el9

      selinux-policy-38.1.71-1.el9

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. Install usbguard
      2. matchpathcon /var/run/usbguard.pid /run/usbguard.pid

      Expected results

       

      # matchpathcon /var/run/usbguard.pid /run/usbguard.pid
      
      /var/run/usbguard.pid   system_u:object_r:usbguard_var_run_t:s0
      /run/usbguard.pid       system_u:object_r:usbguard_var_run_t:s0

      Actual results

       

      # matchpathcon /var/run/usbguard.pid /run/usbguard.pid
      
      /var/run/usbguard.pid   <<none>>
      /run/usbguard.pid       <<none>> 

      Additional logs

      Test case coverage: usbguard-tests/Sanity/selinux#L56

       

      :: [ 18:42:24 ] :: [ FAIL ] :: Result of matchpathcon /run/usbguard.pid should contain usbguard_var_run_t (Assert: expected 0, got 1)
      Redirecting to /bin/systemctl status usbguard.service
      Redirecting to /bin/systemctl stop usbguard.service
      :: Test phase SELinux AVC denials since test phase start:: 01/15/2026 18:42:19: <no matches>

      # systemctl start usbguard
      
      # ls -alZ /var/run/usbguard.pid /run/usbguard.pid
      -rw-------. 1 root root system_u:object_r:usbguard_var_run_t:s0 4 Jan 26 06:44 /run/usbguard.pid
      -rw-------. 1 root root system_u:object_r:usbguard_var_run_t:s0 4 Jan 26 06:44 /var/run/usbguard.pid
      
      
      # matchpathcon /var/run/usbguard.pid /run/usbguard.pid
      /var/run/usbguard.pid   <<none>>
      /run/usbguard.pid       <<none>>
      
      # semanage fcontext -l | grep usbguard_var_run_t
      /run/usbguard.*                                    regular file       system_u:object_r:usbguard_var_run_t:s0
      
      # semanage fcontext -a -t usbguard_var_run_t "/var/run/usbguard\.pid"
      
      # matchpathcon /var/run/usbguard.pid /run/usbguard.pid
      /var/run/usbguard.pid   system_u:object_r:usbguard_var_run_t:s0
      /run/usbguard.pid       system_u:object_r:usbguard_var_run_t:s0
      
      # ausearch -m AVC -ts recent
      <no matches>
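
An added example, not part of the report or of the usbguard test suite: a shell function that compares the policy lookup printed by matchpathcon with the on-disk label printed by ls -Z, so the case seen here (file labeled correctly at runtime, no spec in the file-context database) is reported as its own verdict. The helper name check_fcontext, the verdict names and the embedded sample text (constructed from the outputs quoted above) are assumptions.

```shell
#!/bin/sh
# Constructed sample input, taken from the command outputs quoted in the report.
MATCHPATHCON_OUT='/var/run/usbguard.pid   <<none>>
/run/usbguard.pid       <<none>>'
LS_Z_OUT='-rw-------. 1 root root system_u:object_r:usbguard_var_run_t:s0 4 Jan 26 06:44 /run/usbguard.pid
-rw-------. 1 root root system_u:object_r:usbguard_var_run_t:s0 4 Jan 26 06:44 /var/run/usbguard.pid'

# check_fcontext EXPECTED_TYPE MATCHPATHCON_TEXT LS_Z_TEXT   (hypothetical helper)
# Prints "<path> <verdict> policy=<type> disk=<type>" for every path that
# matchpathcon reported. Verdicts:
#   ok            the policy spec resolves to EXPECTED_TYPE
#   missing-spec  the policy has no spec for the path (<<none>>)
#   wrong-spec    the policy spec resolves to a different type
#   wrong-label   the spec is right but the label on disk differs
# Returns 0 only when every path is "ok".
check_fcontext() {
    printf '%s\n---\n%s\n' "$2" "$3" | awk -v want="$1" '
        # Third colon-separated field of user:role:type:level is the type.
        function ctype(ctx,   f) { split(ctx, f, ":"); return f[3] }
        $0 == "---" { disk_part = 1; next }       # separator between the two inputs
        NF < 2      { next }
        !disk_part  { spec[$1] = $2; order[++n] = $1; next }
                    { disk[$NF] = ctype($5) }     # ls -lZ: context is field 5, path is last
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]; st = ctype(spec[p]); dt = disk[p]
                if (spec[p] == "<<none>>")       v = "missing-spec"
                else if (st != want)             v = "wrong-spec"
                else if (dt != "" && dt != want) v = "wrong-label"
                else                             v = "ok"
                if (v != "ok") bad = 1
                printf "%s %s policy=%s disk=%s\n", p, v,
                       (st == "" ? "none" : st), (dt == "" ? "unknown" : dt)
            }
            exit bad + 0
        }'
}

# On a live system (assumption: matchpathcon and ls -Z are available):
#   check_fcontext usbguard_var_run_t "$(matchpathcon /run/usbguard.pid)" "$(ls -lZ /run/usbguard.pid)"
check_fcontext usbguard_var_run_t "$MATCHPATHCON_OUT" "$LS_Z_OUT" || echo "file-context specs incomplete"
```

A missing-spec verdict with the expected type in the disk= field means the running daemon's file is labeled correctly, but the file-context database that matchpathcon consults has no matching entry for the path.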

       

       

              rh-ee-alakatos Attila Lakatos
              nbubakov Natália Bubáková