Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Minor
Fix Version/s: rhel-10.0.beta
Affects Version/s: rhel-10.0
Component/s: rpcbind
Labels:
- aws
- rhel-sst-virtualization-cloud

Fixed in Build:
rpcbind-1.2.7-2.el10
Epic Link:
RHELPLAN-53660

Pool Team:

rhel-sst-filesystems
Sub-System Group:

ssg_filesystems_storage_and_HA

Internal Target Milestone:
24
Story Points:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
None

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/136894
Test Coverage:

Automated

Experience:
Architecture:

All

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?
See below avc denied log during ec2 test.




2024-05-06 17:41:06,859:INFO:Run on remote: sudo ausearch -i -m AVC -ts today 13:40:53|grep -Ev "os_tests.tests.test_general_check.TestGeneralCheck.test_check_avclog_nfs"|grep -Ev test_check
2024-05-06 17:41:07,439:INFO:CMD ret: 0 out:----
type=PROCTITLE msg=audit(05/06/24 13:40:54.531:1772) : proctitle=/usr/bin/rpcbind -w -f 
type=SYSCALL msg=audit(05/06/24 13:40:54.531:1772) : arch=x86_64 syscall=bind success=no exit=EACCES(Permission denied) a0=0xa a1=0x7ffc6fceb8e0 a2=0x10 a3=0x55798ad60010 items=0 ppid=1 pid=7379 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpcbind exe=/usr/bin/rpcbind subj=system_u:system_r:rpcbind_t:s0 key=(null) 
type=AVC msg=audit(05/06/24 13:40:54.531:1772) : avc:  denied  { name_bind } for  pid=7379 comm=rpcbind src=61208 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=0 
----
type=PROCTITLE msg=audit(05/06/24 13:40:54.532:1773) : proctitle=/usr/bin/rpcbind -w -f 
type=SYSCALL msg=audit(05/06/24 13:40:54.532:1773) : arch=x86_64 syscall=bind success=no exit=EACCES(Permission denied) a0=0xb a1=0x7ffc6fceb8e0 a2=0x1c a3=0x55798ad60010 items=0 ppid=1 pid=7379 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpcbind exe=/usr/bin/rpcbind subj=system_u:system_r:rpcbind_t:s0 key=(null) 
type=AVC msg=audit(05/06/24 13:40:54.532:1773) : avc:  denied  { name_bind } for  pid=7379 comm=rpcbind src=62595 scontext=system_u:system_r:rpcbind_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=0 
2024-05-06 17:40:51,736:INFO:Run on remote: rpm -qa selinux\* container\* | sort
2024-05-06 17:40:52,163:INFO:CMD ret: 0 out:container-selinux-2.229.0-2.el10.noarch
containers-common-0.57.3-3.el10.noarch
containers-common-extra-0.57.3-3.el10.noarch
selinux-policy-40.13-1.el10.noarch
selinux-policy-targeted-40.13-1.el10.noarch

Please provide the package NVR for which bug is seen:
6.9.0-0.rc2.1.el10.x86_64

How reproducible:
100%

Steps to reproduce

run test_check_avclog_nfs on aws

Expected results
No avc denied log

Actual results
rpcbind avc denied log detected.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

os_tests.tests.test_general_check.TestGeneralCheck.test_check_avclog_nfs.debug
14 kB
2024/05/07 5:39 AM

is duplicated by

RHEL-46223 selinux-policy AVC denials reported in bash-ipa-trust-functional-automount tests

Closed

links to

RHBA-2024:136894 rpcbind bug fix and enhancement update

Assignee:: Steve Dickson

Reporter:: Frank Liang

Developer:: Steve Dickson

QA Contact:: Yongcheng Yang

Votes:: 0 Vote for this issue

Watchers:: 15 Start watching this issue

Created:: 2024/05/07 5:38 AM

Updated:: 2024/11/19 6:37 PM

Target end:: 2024/08/12

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates