-
Bug
-
Resolution: Done-Errata
-
Normal
-
rhel-9.4
-
selinux-policy-38.1.29-1.el9
-
None
-
Moderate
-
rhel-sst-security-selinux
-
ssg_security
-
16
-
None
-
QE ack
-
False
-
-
No
-
None
-
-
Pass
-
Automated
-
Release Note Not Required
-
None
What were you trying to do that didn't work?
#rpm -qa selinux*
selinux-policy-38.1.26-1.el9.noarch
selinux-policy-targeted-38.1.26-1.el9.noarch
- matchpathcon /dev/gnss0
/dev/gnss0 system_u:object_r:gnss_device_t:s0 - semanage fcontext -l | grep gnss_device_t
/dev/gnss[0-9]+ character device system_u:object_r:gnss_device_t:s0
#gpsd -nNp /dev/gnss0 -D3
gpsd:INFO: launching (Version 3.25, revision 3.25)
gpsd:INFO: starting uid 0, gid 0
gpsd:INFO: Command line: gpsd -nNp -D3 /dev/gnss0
gpsd:INFO: listening on port gpsd
gpsd:INFO: stashing device /dev/gnss0 at slot 0
gpsd:ERROR: SER: stat(/dev/gnss0) failed: Permission denied(13)
gpsd:ERROR: initial GPS device /dev/gnss0 open failed
gpsd:ERROR: can't run with neither control socket nor devices open
cat /var/log/audit/audit.log | grep gpsd
type=SOFTWARE_UPDATE msg=audit(1700052600.159:110): pid=7070 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="gpsd-minimal-1:3.25-4.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python3.9" hostname=dell-per740-29.rhts.eng.pek2.redhat.com addr=? terminal=pts/0 res=success'UID="root" AUID="root"
type=SOFTWARE_UPDATE msg=audit(1700052630.015:116): pid=7310 uid=0 auid=0 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=install sw="gpsd-minimal-clients-1:3.25-4.el9.x86_64" sw_type=rpm key_enforce=0 gpg_res=0 root_dir="/" comm="yum" exe="/usr/bin/python3.9" hostname=dell-per740-29.rhts.eng.pek2.redhat.com addr=? terminal=pts/0 res=success'UID="root" AUID="root"
type=AVC msg=audit(1700052658.661:120): avc: denied { getattr } for pid=7502 comm="gpsd" path="/dev/gnss0" dev="devtmpfs" ino=439 scontext=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gnss_device_t:s0 tclass=chr_file permissive=0
type=SYSCALL msg=audit(1700052658.661:120): arch=c000003e syscall=262 success=no exit=-13 a0=ffffff9c a1=4a4308 a2=7ffec68770e0 a3=0 items=0 ppid=1987 pid=7502 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="gpsd" exe="/usr/sbin/gpsd" subj=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=newfstatat AUID="root" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
Please provide the package NVR for which bug is seen:
#rpm -qa selinux*
selinux-policy-38.1.26-1.el9.noarch
selinux-policy-targeted-38.1.26-1.el9.noarch
How reproducible:
always
Steps to reproduce
Expected results
gpsd shouldn't be block by selinux
Actual results
gpsd is blocked by selinux
- links to
-
RHBA-2023:121166
selinux-policy bug fix and enhancement update
- mentioned on
