RHEL-40094

[RHEL-10] avc: denied { map_read map_write }

    • Bug
    • Resolution: Duplicate
    • rhel-10.0.beta
    • selinux-policy
    • sst_security_selinux
    • ssg_security

      What were you trying to do that didn't work?
      See below avc denied log during cloud-init test.
      # dmesg | grep -i denied
      [ 3.912579] audit: type=1400 audit(1717573836.383:4): avc: denied { map_read map_write } for pid=538 comm="nfs-server-gene" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
      [ 3.922753] audit: type=1400 audit(1717573836.393:5): avc: denied { map_read map_write } for pid=544 comm="systemd-fstab-g" scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
      [ 3.927225] audit: type=1400 audit(1717573836.397:6): avc: denied { map_read map_write } for pid=546 comm="systemd-gpt-aut" scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
      [ 3.941720] audit: type=1400 audit(1717573836.412:7): avc: denied { map_read map_write } for pid=552 comm="systemd-sysv-ge" scontext=system_u:system_r:systemd_sysv_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
      [ 3.945445] audit: type=1400 audit(1717573836.416:8): avc: denied { map_read map_write } for pid=549 comm="systemd-rc-loca" scontext=system_u:system_r:systemd_rc_local_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0


      Please provide the package NVR for which bug is seen:
      selinux-policy-40.13.1-1.el10.noarch
      selinux-policy-targeted-40.13.1-1.el10.noarch
      cloud-init-24.1.4-6.el10.noarch

      How reproducible:
      100%

      Steps to reproduce
      1. Deploy VM with cloud-init pre-installed on OpenStack
      2. Log in to the VM and check

      Expected results
      No avc denied log

      Actual results
      There is some avc denied info:
      # dmesg | grep -i denied
      [ 3.912579] audit: type=1400 audit(1717573836.383:4): avc: denied { map_read map_write } for pid=538 comm="nfs-server-gene" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
      [ 3.922753] audit: type=1400 audit(1717573836.393:5): avc: denied { map_read map_write } for pid=544 comm="systemd-fstab-g" scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
      [ 3.927225] audit: type=1400 audit(1717573836.397:6): avc: denied { map_read map_write } for pid=546 comm="systemd-gpt-aut" scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
      [ 3.941720] audit: type=1400 audit(1717573836.412:7): avc: denied { map_read map_write } for pid=552 comm="systemd-sysv-ge" scontext=system_u:system_r:systemd_sysv_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
      [ 3.945445] audit: type=1400 audit(1717573836.416:8): avc: denied { map_read map_write } for pid=549 comm="systemd-rc-loca" scontext=system_u:system_r:systemd_rc_local_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0

            rhn-support-zpytela Zdenek Pytela
            rhn-support-huzhao Huijuan Zhao
            Zdenek Pytela
            SSG Security QE
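
For triage, the five records in this report can be grouped by target type, object class and permissions, which shows that every denial hits the same target (init_t, class bpf) from a different source domain. This is an added example, not part of the original report or of selinux-policy; the names parse_avc and group_by_target are hypothetical, and the parser also accepts records that were wrapped across lines when pasted into a ticket.

```python
import re
from collections import defaultdict

# The five records from this report (dmesg output), one record per line.
REPORT_DMESG = """\
[ 3.912579] audit: type=1400 audit(1717573836.383:4): avc: denied { map_read map_write } for pid=538 comm="nfs-server-gene" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
[ 3.922753] audit: type=1400 audit(1717573836.393:5): avc: denied { map_read map_write } for pid=544 comm="systemd-fstab-g" scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
[ 3.927225] audit: type=1400 audit(1717573836.397:6): avc: denied { map_read map_write } for pid=546 comm="systemd-gpt-aut" scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
[ 3.941720] audit: type=1400 audit(1717573836.412:7): avc: denied { map_read map_write } for pid=552 comm="systemd-sysv-ge" scontext=system_u:system_r:systemd_sysv_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
[ 3.945445] audit: type=1400 audit(1717573836.416:8): avc: denied { map_read map_write } for pid=549 comm="systemd-rc-loca" scontext=system_u:system_r:systemd_rc_local_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
"""

# One AVC record runs until the next timestamped "audit:" prefix or end of
# input, so line breaks inside a record do not matter.
AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+'
    r'(?P<fields>.*?)(?=\[\s*\d+\.\d+\]\s+audit:|\Z)', re.DOTALL)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Return one dict per AVC record found in dmesg/audit text."""
    records = []
    for m in AVC_RE.finditer(text):
        rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        if not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue  # truncated record, nothing to classify
        rec["result"] = m.group("result")
        rec["perms"] = tuple(m.group("perms").split())
        rec["enforced"] = rec.get("permissive") == "0"
        for key in ("scontext", "tcontext"):
            # A context is user:role:type[:level]; the type is the third field.
            rec[key + "_type"] = rec[key].split(":")[2]
        records.append(rec)
    return records

def group_by_target(records):
    """Map (target type, class, perms) -> sorted source types that were denied."""
    groups = defaultdict(set)
    for r in records:
        if r["result"] == "denied":
            groups[(r["tcontext_type"], r["tclass"], r["perms"])].add(r["scontext_type"])
    return {key: sorted(sources) for key, sources in groups.items()}

if __name__ == "__main__":
    for (ttype, tclass, perms), sources in group_by_target(parse_avc(REPORT_DMESG)).items():
        print(f"{ttype}:{tclass} {{ {' '.join(perms)} }} <- {', '.join(sources)}")
```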