-
Bug
-
Resolution: Done-Errata
-
Major
-
rhel-9.5
-
selinux-policy-38.1.39-1.el9
-
None
-
None
-
rhel-sst-security-selinux
-
ssg_security
-
15
-
None
-
QE ack
-
False
-
-
No
-
None
-
-
Pass
-
Automated
-
Unspecified Release Note Type - Unknown
-
-
s390x
-
None
What were you trying to do that didn't work?
Call traces like below on s390x machines:
---- time->Tue Apr 16 15:21:54 2024 type=PROCTITLE msg=audit(1713295314.076:440): proctitle=2F7573722F62696E2F73797374656D63746C007374617274006D616E2D64622D63616368652D757064617465 type=SYSCALL msg=audit(1713295314.076:440): arch=80000016 syscall=54 success=no exit=-19 a0=3 a1=c0007a05 a2=3fff78f9e50 a3=0 items=0 ppid=1 pid=19988 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemctl" exe="/usr/bin/systemctl" subj=system_u:system_r:init_t:s0 key=(null) type=AVC msg=audit(1713295314.076:440): avc: denied { ioctl } for pid=19988 comm="systemctl" path="/dev/z90crypt" dev="devtmpfs" ino=100 ioctlcmd=0x7a05 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:crypt_device_t:s0 tclass=chr_file permissive=1 ---- time->Tue Apr 16 15:22:36 2024 type=PROCTITLE msg=audit(1713295356.206:465): proctitle="/usr/lib/systemd/systemd-hostnamed" type=SYSCALL msg=audit(1713295356.206:465): arch=80000016 syscall=54 success=no exit=-19 a0=3 a1=c0007a05 a2=3ffc12fa630 a3=0 items=0 ppid=1 pid=31233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-hostnam" exe="/usr/lib/systemd/systemd-hostnamed" subj=system_u:system_r:systemd_hostnamed_t:s0 key=(null) type=AVC msg=audit(1713295356.206:465): avc: denied { ioctl } for pid=31233 comm="systemd-hostnam" path="/dev/z90crypt" dev="devtmpfs" ino=100 ioctlcmd=0x7a05 scontext=system_u:system_r:systemd_hostnamed_t:s0 tcontext=system_u:object_r:crypt_device_t:s0 tclass=chr_file permissive=1
Please provide the package NVR for which bug is seen:
selinux-policy-38.1.35-2.el9.noarch
How reproducible:
easily reproducible
Steps to reproduce
- It can be reproducible by just booting a machine. This seems to happen only on s390x using KVM.
test logs: https://datawarehouse.cki-project.org/kcidb/tests/12059125
cki issue tracker: https://datawarehouse.cki-project.org/issue/2662
This seems to be the same issue reported on rhel-10 (https://issues.redhat.com/browse/RHEL-28539) and Fedora (https://bugzilla.redhat.com/show_bug.cgi?id=2263825)
- is related to
-
RHEL-32370 pmie_daily.service and pmlogger_daily.service are triggering selinux AVCs
- Closed
- relates to
-
RHEL-38833 rpcbind AVC occurs on s390x rhel9.5 when running socat test
- Closed
- links to
-
RHBA-2024:130707 selinux-policy bug fix and enhancement update