-
Bug
-
Resolution: Done-Errata
-
Minor
-
rhel-9.2.0
-
selinux-policy-38.1.50-1.el9
-
None
-
Low
-
2
-
rhel-security-selinux
-
ssg_security
-
19
-
1
-
QE ack
-
False
-
False
-
-
No
-
CY24Q2, SELINUX 241127 - 241218
-
Release Note Not Required
-
-
Unspecified
-
None
-
57,005
Description of problem:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
selinux-policy-38.1.8-1.el9.noarch
time->Wed Mar 1 08:23:45 2023
type=PROCTITLE msg=audit(1677677025.236:151): proctitle="/usr/sbin/rpc.statd"
type=SYSCALL msg=audit(1677677025.236:151): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7ffc8ff7d990 a2=80100 a3=0 items=0 ppid=1 pid=21104 auid=4294967295 uid=29 gid=29 euid=29 suid=29 fsuid=29 egid=29 sgid=29 fsgid=29 tty=(none) ses=4294967295 comm="rpc.statd" exe="/usr/sbin/rpc.statd" subj=system_u:system_r:rpcd_t:s0 key=(null)
type=AVC msg=audit(1677677025.236:151): avc: denied
for pid=21104 comm="rpc.statd" name="net" dev="proc" ino=34064 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0
Version-Release number of selected component (if applicable):
nfs-utils-2.5.4-18.el9.x86_64
selinux-policy-38.1.8-1.el9.noarch
How reproducible:
once
Actual results:
AVC denied
Expected results:
No AVC denied for defined operations
Additional info:
beaker job:
https://beaker.engineering.redhat.com/recipes/13475947#task156886730
- external trackers
- links to
-
RHBA-2024:139849
selinux-policy bug fix and enhancement update
