Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-19426

[8.10] avc denied when starting opa-fm service

XMLWordPrintable

    • selinux-policy-3.14.3-134.el8
    • None
    • Moderate
    • rhel-sst-security-selinux
    • ssg_security
    • 22
    • None
    • QE ack
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • Release Note Not Required
    • x86_64
    • None

      What were you trying to do that didn't work?

      Please provide the package NVR for which bug is seen:

      selinux-policy-3.14.3-132.el8.noarch

      How reproducible:

      Steps to reproduce

      1. Clone https://beaker.engineering.redhat.com/jobs/8665602
      2.  See details in https://issues.redhat.com/browse/RHEL-17820
      3.  

      Expected results

      No such denied.

      Actual results

      https://beaker-archive.host.prod.eng.bos.redhat.com/beaker-logs/2023/12/86656/8665602/15170825/170493187/796620909/avc.log

      SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
selinux-policy-3.14.3-132.el8.noarch
----
time->Wed Dec 13 01:50:54 2023
type=PROCTITLE msg=audit(1702450254.585:401): proctitle=2F7573722F6C69622F6F70612D666D2F72756E74696D652F736D002D6500736D5F30
type=SYSCALL msg=audit(1702450254.585:401): arch=c000003e syscall=4 success=no exit=-13 a0=56452ec9a740 a1=7ffd361c9b20 a2=7ffd361c9b20 a3=7f95558e0c20 items=0 ppid=70732 pid=70791 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sm" exe="/usr/lib/opa-fm/runtime/sm" subj=system_u:system_r:opafm_t:s0 key=(null)
type=AVC msg=audit(1702450254.585:401): avc:  denied  { search } for  pid=70791 comm="sm" name="/" dev="0:49" ino=4299124166 scontext=system_u:system_r:opafm_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir permissive=0
----
time->Wed Dec 13 01:50:54 2023
type=PROCTITLE msg=audit(1702450254.585:402): proctitle=2F7573722F6C69622F6F70612D666D2F72756E74696D652F736D002D6500736D5F30
type=SYSCALL msg=audit(1702450254.585:402): arch=c000003e syscall=83 success=no exit=-13 a0=56452ec9a740 a1=1a4 a2=fffffffffffffef8 a3=7f95558e0c20 items=0 ppid=70732 pid=70791 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sm" exe="/usr/lib/opa-fm/runtime/sm" subj=system_u:system_r:opafm_t:s0 key=(null)
type=AVC msg=audit(1702450254.585:402): avc:  denied  { search } for  pid=70791 comm="sm" name="/" dev="0:49" ino=4299124166 scontext=system_u:system_r:opafm_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir permissive=0
----
time->Wed Dec 13 01:50:54 2023
type=PROCTITLE msg=audit(1702450254.585:403): proctitle=2F7573722F6C69622F6F70612D666D2F72756E74696D652F736D002D6500736D5F30
type=SYSCALL msg=audit(1702450254.585:403): arch=c000003e syscall=80 success=no exit=-13 a0=56452ec9a740 a1=56452f6b7010 a2=56452f6b7048 a3=4000 items=0 ppid=70732 pid=70791 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sm" exe="/usr/lib/opa-fm/runtime/sm" subj=system_u:system_r:opafm_t:s0 key=(null)
type=AVC msg=audit(1702450254.585:403): avc:  denied  { search } for  pid=70791 comm="sm" name="/" dev="0:49" ino=4299124166 scontext=system_u:system_r:opafm_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir permissive=0

              rhn-support-zpytela Zdenek Pytela
              rhn-support-zguo Zhaojuan Guo
              Zdenek Pytela Zdenek Pytela
              Milos Malik Milos Malik
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: