- Bug
- Resolution: Unresolved
- Normal
- rhel-10.0.beta
- selinux-policy-40.13.3-1.el10
- None
- None
- rhel-sst-security-selinux
- ssg_security
- 17
- None
- QE ack
- False
- No
- None
- Pass
- Automated
- Unspecified Release Note Type - Unknown
- x86_64
- None
What were you trying to do that didn't work?
Run regression tests for SBD component on RHEL 10 Beta.
Please provide the package NVR for which bug is seen:
selinux-policy-40.13.1-1.el10.noarch
How reproducible:
always
Steps to reproduce
Set up and use SBD as a fencing method in the cluster - see for example test job https://beaker.cluster-qe.lab.eng.brq.redhat.com/bkr/jobs/157679.
Looks like the functionality itself is not endangered (test passed), however AVC denials are generated.
SBD package has the same version as in RHEL9.4 (sbd-1.5.2-1.el9.x86_64), where no AVCs were present.
Expected results
No AVC denials
Actual results
time->Tue Jun 4 14:19:23 2024
type=PROCTITLE msg=audit(1717503563.844:821): proctitle=2F7573722F7362696E2F7362640071756572792D7761746368646F67
type=SYSCALL msg=audit(1717503563.844:821): arch=c000003e syscall=89 success=no exit=-13 a0=7ffcb67f3b10 a1=7ffcb67f3900 a2=ff a3=7fb806bb13e0 items=0 ppid=55785 pid=55786 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sbd" exe="/usr/sbin/sbd" subj=system_u:system_r:sbd_t:s0 key=(null)
type=AVC msg=audit(1717503563.844:821): avc: denied { sys_ptrace } for pid=55786 comm="sbd" capability=19 scontext=system_u:system_r:sbd_t:s0 tcontext=system_u:system_r:sbd_t:s0 tclass=cap_userns permissive=0
full AVC log: http://beaker.cluster-qe.lab.eng.brq.redhat.com/logs/2024/06/1576/157679/499960/1323219/3566939/avc.log
- is cloned by: RHEL-44680 [rhel-9] SELinux prevents sbd from using sys_ptrace in cap_userns (Closed)
- links to: RHBA-2024:133202 selinux-policy bug fix and enhancement update
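Added example, not part of the original report or of any Red Hat tooling: a small Python triage helper that collapses the three records of the audit event under "Actual results" into readable fields, including the hex-encoded proctitle. The names summarize, decode_proctitle and rule_body are hypothetical; the syscall table covers only number 89 (readlink on x86_64), and rule_body is the bare rule body, since the report does not say whether the policy fix allows or dontaudits the access.

```python
import errno
import re

# The event from "Actual results", with SYSCALL fields trimmed to those used here.
EVENT = """\
type=PROCTITLE msg=audit(1717503563.844:821): proctitle=2F7573722F7362696E2F7362640071756572792D7761746368646F67
type=SYSCALL msg=audit(1717503563.844:821): arch=c000003e syscall=89 success=no exit=-13 comm="sbd" exe="/usr/sbin/sbd" subj=system_u:system_r:sbd_t:s0
type=AVC msg=audit(1717503563.844:821): avc: denied { sys_ptrace } for pid=55786 comm="sbd" capability=19 scontext=system_u:system_r:sbd_t:s0 tcontext=system_u:system_r:sbd_t:s0 tclass=cap_userns permissive=0
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*(.*?)\s*\}')
X86_64_SYSCALLS = {89: "readlink"}  # assumption: only the number seen in this event


def decode_proctitle(raw):
    """auditd quotes a plain proctitle and hex-encodes one containing NUL separators."""
    if raw.startswith('"'):
        return raw.strip('"').split()
    return [a.decode("utf-8", "replace") for a in bytes.fromhex(raw).split(b"\0") if a]


def summarize(event):
    """Collapse the records of one audit event into the fields needed for triage."""
    out = {}
    for line in event.splitlines():
        kv = dict(KV_RE.findall(line))
        rtype = kv.get("type")
        if rtype == "PROCTITLE":
            out["argv"] = decode_proctitle(kv["proctitle"])
        elif rtype == "SYSCALL":
            out["syscall"] = X86_64_SYSCALLS.get(int(kv["syscall"]), kv["syscall"])
            out["errno"] = errno.errorcode.get(-int(kv["exit"]), kv["exit"])
        elif rtype == "AVC":
            verdict, perms = AVC_RE.search(line).groups()
            perms = perms.split()
            src = kv["scontext"].split(":")[2]   # type is the third context field
            tgt = kv["tcontext"].split(":")[2]
            out.update(verdict=verdict, perms=perms, tclass=kv["tclass"],
                       enforced=kv["permissive"] == "0")
            # Rule body only; prefix with allow or dontaudit once the access is judged.
            target = "self" if tgt == src else tgt
            perm_s = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
            out["rule_body"] = f"{src} {target}:{kv['tclass']} {perm_s};"
    return out


if __name__ == "__main__":
    for key, value in summarize(EVENT).items():
        print(f"{key}: {value}")
```

The decoded argv shows the denial was raised while sbd ran its query-watchdog subcommand, and exit=-13 maps to EACCES on the readlink call.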