What were you trying to do that didn't work?
When pmie_daily.service and pmlogger_daily.service are triggered by a systemd timer, SELinux AVCs are reported.
Please provide the package NVR for which the bug is seen:
pcp-6.2.1-1.el9
How reproducible:
Always on all architectures
Steps to reproduce
- Install pcp-6.2.1-1.el9 and wait until 00:10:00 local time (10 minutes after midnight)
- Check for AVCs
# audit2allow -a
Expected results
No AVC is reported
Actual results
The following AVCs are reported:
# audit2allow -a
#============= pcp_pmie_t ==============
allow pcp_pmie_t systemd_unit_file_t:service status;
#============= pcp_pmlogger_t ==============
allow pcp_pmlogger_t systemd_unit_file_t:service status;

# ausearch -m USER_AVC
----
time->Thu Apr 11 00:09:30 2024
type=USER_AVC msg=audit(1712808570.711:12920): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=n/a uid=987 gid=987 path="/usr/lib/systemd/system/local-fs.target" cmdline="systemctl -q is-active local-fs.target" function="mac_selinux_filter" scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=service permissive=1 exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Thu Apr 11 00:09:31 2024
type=USER_AVC msg=audit(1712808571.788:12927): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=n/a uid=987 gid=987 path="/usr/lib/systemd/system/local-fs.target" cmdline="systemctl -q is-active local-fs.target" function="mac_selinux_filter" scontext=system_u:system_r:pcp_pmlogger_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=service permissive=1 exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
- split from RHEL-32370 pmie_daily.service and pmlogger_daily.service are triggering selinux AVCs (Closed)
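
The allow rules printed by `audit2allow -a` above follow directly from the `scontext`, `tcontext`, `tclass` and permission fields of the USER_AVC records. The following is an added example, not part of the original report or of any PCP or audit tooling: a small Python parser that derives the same rules and surfaces the `permissive` flag. The names `parse_denials` and `allow_rules` are hypothetical, and the sample input is a constructed, trimmed copy of the two records shown in this report.

```python
import re
from collections import defaultdict

# Constructed sample: the two USER_AVC records from this report, some fields trimmed.
_REC = (
    "type=USER_AVC msg=audit({ts}): pid=1 uid=0 subj=system_u:system_r:init_t:s0 "
    "msg='avc: denied {{ status }} for auid=n/a uid=987 gid=987 "
    'path="/usr/lib/systemd/system/local-fs.target" '
    'cmdline="systemctl -q is-active local-fs.target" '
    "scontext=system_u:system_r:{dom}:s0 "
    "tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=service permissive=1'"
)
SAMPLE = "\n".join(_REC.format(ts=t, dom=d) for t, d in [
    ("1712808570.711:12920", "pcp_pmie_t"), ("1712808571.788:12927", "pcp_pmlogger_t")])

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)

def selinux_type(context):
    # A context is user:role:type:level; the type is the third field.
    return context.split(":")[2]

def parse_denials(text):
    """Yield one dict per AVC denial found in raw audit log text."""
    for m in AVC_RE.finditer(text):
        yield {
            "source": selinux_type(m["scon"]),
            "target": selinux_type(m["tcon"]),
            "tclass": m["tclass"],
            "perms": m["perms"].split(),
            # permissive=1: the denial was logged but the access was not blocked.
            "permissive": m["permissive"] == "1",
        }

def allow_rules(text):
    """Collapse denials into sorted, de-duplicated allow rules."""
    grouped = defaultdict(set)
    for d in parse_denials(text):
        grouped[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE)))
```
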