- Bug
- Resolution: Unresolved
- Normal
- rhel-10.0.beta
- selinux-policy-40.13.5-1.el10
- None
- None
- rhel-sst-security-selinux
- ssg_security
- 21
- None
- False
- No
- Red Hat Enterprise Linux
- None
- Unspecified Release Note Type - Unknown
- aarch64
- None
What were you trying to do that didn't work?
Ran a Beaker job on rhel-10.0.beta; restraint reported some AVC denial messages when running distribution/ltp/generic:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
selinux-policy-40.13.1-1.el10.noarch
time->Tue May 28 03:18:47 2024
type=PROCTITLE msg=audit(1716880727.166:361): proctitle=2F7362696E2F726571756573742D6B65790063726561746500323831313534373139003000300030003000333433353734343237
type=EXECVE msg=audit(1716880727.166:361): argc=8 a0="/sbin/request-key" a1="create" a2="281154719" a3="0" a4="0" a5="0" a6="0" a7="343574427"
type=SYSCALL msg=audit(1716880727.166:361): arch=c00000b7 syscall=221 success=no exit=-13 a0=aaaaac102070 a1=ffffd189f468 a2=ffffd189ffa0 a3=32 items=0 ppid=236323 pid=442722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="request-key" exe="/usr/sbin/request-key" subj=system_u:system_r:keyutils_request_t:s0 key=(null)
type=AVC msg=audit(1716880727.166:361): avc: denied
----
time->Tue May 28 03:18:47 2024
type=PROCTITLE msg=audit(1716880727.216:362): proctitle=2F7362696E2F726571756573742D6B657900637265617465003434353530303136320030003000323931343830343733003000333433353734343237
type=EXECVE msg=audit(1716880727.216:362): argc=8 a0="/sbin/request-key" a1="create" a2="445500162" a3="0" a4="0" a5="291480473" a6="0" a7="343574427"
type=SYSCALL msg=audit(1716880727.216:362): arch=c00000b7 syscall=221 success=no exit=-13 a0=aaaac2f22070 a1=ffffeca9fa38 a2=ffffecaa0570 a3=2e items=0 ppid=236323 pid=442733 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="request-key" exe="/usr/sbin/request-key" subj=system_u:system_r:keyutils_request_t:s0 key=(null)
type=AVC msg=audit(1716880727.216:362): avc: denied { execute } for pid=442733 comm="request-key" name="keyctl" dev="dm-0" ino=34147367 scontext=system_u:system_r:keyutils_request_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
time->Tue May 28 03:18:47 2024
type=PROCTITLE msg=audit(1716880727.236:363): proctitle=2F7362696E2F726571756573742D6B657900637265617465003339383636363134340030003000343635373634333638003000333433353734343237
type=EXECVE msg=audit(1716880727.236:363): argc=8 a0="/sbin/request-key" a1="create" a2="398666144" a3="0" a4="0" a5="465764368" a6="0" a7="343574427"
type=SYSCALL msg=audit(1716880727.236:363): arch=c00000b7 syscall=221 success=no exit=-13 a0=aaaacff52070 a1=ffffe3662918 a2=ffffe3663450 a3=2e items=0 ppid=236323 pid=442742 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="request-key" exe="/usr/sbin/request-key" subj=system_u:system_r:keyutils_request_t:s0 key=(null)
type=AVC msg=audit(1716880727.236:363): avc: denied for pid=442742 comm="request-key" name="keyctl" dev="dm-0" ino=34147367 scontext=system_u:system_r:keyutils_request_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
Please provide the package NVR for which bug is seen:
selinux-policy-40.13.1-1.el10.noarch
How reproducible:
always on aarch64
Steps to reproduce
- run https://gitlab.com/redhat/centos-stream/tests/kernel/kernel-tests/-/archive/main/kernel-tests-main.tar.gz#distribution/ltp/generic
- https://beaker.engineering.redhat.com/recipes/16219397#task178215560
Expected results
There is no AVC denial message, just as in 9.5.
Actual results
AVC denial for request-key.
- links to: RHBA-2024:133202 selinux-policy bug fix and enhancement update
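For triaging records like the ones quoted in this report, the following added example (not part of the original report or of any Red Hat tooling) groups audit records by event serial, decodes the hex PROCTITLE, and extracts the denied permission and SELinux types; an AVC record cut off after "denied" is flagged as incomplete rather than guessed. The sample input is constructed from shortened copies of the quoted records, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: shortened copies of two events quoted in the report.
SAMPLE = """\
type=PROCTITLE msg=audit(1716880727.216:362): proctitle=2F7362696E2F726571756573742D6B657900637265617465
type=AVC msg=audit(1716880727.216:362): avc:  denied  { execute } for  pid=442733 comm="request-key" name="keyctl" dev="dm-0" ino=34147367 scontext=system_u:system_r:keyutils_request_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
type=PROCTITLE msg=audit(1716880727.166:361): proctitle=2F7362696E2F726571756573742D6B657900637265617465
type=AVC msg=audit(1716880727.166:361): avc:  denied
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
AVC = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_proctitle(value):
    """auditd hex-encodes the command line; arguments are NUL-separated."""
    if value.startswith('"'):
        return value.strip('"')          # plain (unencoded) form
    return bytes.fromhex(value).decode("utf-8", "replace").replace("\x00", " ")

def summarize(log_text):
    """Group records by event serial; return one summary per AVC event."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue                      # separators such as '----' or 'time->'
        rtype, _ts, serial, body = m.groups()
        ev = events[int(serial)]
        if rtype == "PROCTITLE":
            ev["cmdline"] = decode_proctitle(body.split("=", 1)[1])
        elif rtype == "AVC":
            avc = AVC.match(body)
            if not avc:                   # truncated record: keep it, flag it
                ev["complete"] = False
                continue
            fields = {k: v.strip('"') for k, v in FIELD.findall(avc.group(2))}
            ev.update(complete=True, perms=avc.group(1).split(),
                      source=fields["scontext"].split(":")[2],
                      target=fields["tcontext"].split(":")[2],
                      tclass=fields["tclass"], name=fields.get("name"),
                      permissive=fields.get("permissive") == "1")
    return {s: e for s, e in sorted(events.items()) if "complete" in e}
```
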