- Bug
- Resolution: Done-Errata
- Minor
- rhel-9.4
- selinux-policy-38.1.28-1.el9
- None
- Low
- rhel-sst-security-selinux
- ssg_security
- 14
- None
- QE ack, Dev ack
- False
- No
- None
- Pass
- Automated
- Release Note Not Required
- x86_64
- None
What were you trying to do that didn't work?
It seems that the dhcpcd service starts and runs successfully in enforcing mode, but each (re)start of the service triggers several SELinux denials.
Please provide the package NVR for which bug is seen:
dhcpcd-10.0.2-7.el9.x86_64
selinux-policy-38.1.25-1.el9.noarch
selinux-policy-devel-38.1.25-1.el9.noarch
selinux-policy-targeted-38.1.25-1.el9.noarch
How reproducible:
always
Steps to reproduce
- get a RHEL-9.4 machine (targeted policy is active)
- install the dhcpcd package (from EPEL repository)
- start the dhcpcd service
- search for SELinux denials
Expected results
No SELinux denials are triggered.
Actual results
----
type=PROCTITLE msg=audit(11/02/2023 10:36:03.762:321) : proctitle=dhcpcd: [BPF BOOTP] eth0
type=SYSCALL msg=audit(11/02/2023 10:36:03.762:321) : arch=x86_64 syscall=setsockopt success=yes exit=0 a0=0x6 a1=SOL_SOCKET a2=SO_ATTACH_FILTER a3=0x7ffc944ef520 items=0 ppid=9933 pid=10069 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=dhcpcd exe=/usr/sbin/dhcpcd subj=system_u:system_r:dhcpc_t:s0 key=(null)
type=AVC msg=audit(11/02/2023 10:36:03.762:321) : avc: denied { bpf } for pid=10069 comm=dhcpcd capability=bpf scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=capability2 permissive=0
----
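Added example, not part of the original report: a small triage helper that pairs each AVC denial with the SYSCALL record of the same audit event and derives the candidate type-enforcement rule to review. The function names and the trimmed `RECORDS` sample are assumptions made for illustration; the page does not show which rule the errata actually shipped.

```python
import re

# Trimmed copy of the audit event quoted in this report (fields shortened).
RECORDS = [
    "type=SYSCALL msg=audit(11/02/2023 10:36:03.762:321) : arch=x86_64 "
    "syscall=setsockopt success=yes exit=0 a2=SO_ATTACH_FILTER comm=dhcpcd "
    "exe=/usr/sbin/dhcpcd subj=system_u:system_r:dhcpc_t:s0",
    "type=AVC msg=audit(11/02/2023 10:36:03.762:321) : avc: denied { bpf } "
    "for pid=10069 comm=dhcpcd capability=bpf "
    "scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 "
    "tclass=capability2 permissive=0",
]

SERIAL = re.compile(r"msg=audit\([^)]*:(\d+)\)")  # event serial, e.g. 321
AVC = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)\s+permissive=(?P<permissive>\d)"
)

def parse_denials(lines):
    """Return one dict per AVC denial, joined to its SYSCALL record by serial."""
    syscalls, denials = {}, []
    for line in lines:
        m = SERIAL.search(line)
        if not m:
            continue
        if line.startswith("type=SYSCALL"):
            syscalls[m.group(1)] = dict(t.split("=", 1) for t in line.split() if "=" in t)
        elif line.startswith("type=AVC") and (a := AVC.search(line)):
            denials.append({**a.groupdict(), "serial": m.group(1)})
    for d in denials:
        sc = syscalls.get(d["serial"], {})
        d["syscall"], d["success"] = sc.get("syscall"), sc.get("success")
    return denials

def candidate_rule(d):
    """Build the allow rule matching a denial; a starting point for policy review."""
    stype, ttype = d["scontext"].split(":")[2], d["tcontext"].split(":")[2]
    target = "self" if d["scontext"] == d["tcontext"] else ttype
    perms = d["perms"].split()
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {stype} {target}:{d['tclass']} {perm_str};"

if __name__ == "__main__":
    for d in parse_denials(RECORDS):
        print(d["serial"], d["syscall"], "success=" + str(d["success"]),
              "permissive=" + d["permissive"], "->", candidate_rule(d))
```

For the record above, the output shows an enforced denial (`permissive=0`) on an event whose `setsockopt` call still returned `success=yes`, which matches the report that the service runs while denials are logged.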
- links to
- RHBA-2023:121166 selinux-policy bug fix and enhancement update