RHEL / RHEL-40563

systemd_gpt_generator_t and systemd_fstab_generator_t are denied to mmap init_t

    • Bug
    • Resolution: Duplicate
    • rhel-10.0.beta
    • selinux-policy
    • rhel-sst-security-selinux
    • ssg_security

      When installing the dnf-automatic-4.20.0-1.el10 package with "dnf install dnf-automatic", these AVC denials are logged:

      type=SERVICE_START msg=audit(1718007819.479:216): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=run-raf296e8daaba4449a6b564ddbf980e4f comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
      type=AVC msg=audit(1718007819.552:217): avc:  denied  { map_read map_write } for  pid=1715 comm="systemd-fstab-g" scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
      type=SYSCALL msg=audit(1718007819.552:217): arch=c000003e syscall=59 success=yes exit=0 a0=55b10186f3e0 a1=7ffcfff4a810 a2=55b101652ad0 a3=ffffffff items=0 ppid=1710 pid=1715 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-fstab-g" exe="/usr/lib/systemd/system-generators/systemd-fstab-generator" subj=system_u:system_r:systemd_fstab_generator_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
      type=EXECVE msg=audit(1718007819.552:217): argc=4 a0="/usr/lib/systemd/system-generators/systemd-fstab-generator" a1="/run/systemd/generator" a2="/run/systemd/generator.early" a3="/run/systemd/generator.late"
      type=PROCTITLE msg=audit(1718007819.552:217): proctitle=2F7573722F6C69622F73797374656D642F73797374656D2D67656E657261746F72732F73797374656D642D66737461622D67656E657261746F72002F72756E2F73797374656D642F67656E657261746F72002F72756E2F73797374656D642F67656E657261746F722E6561726C79002F72756E2F73797374656D642F67656E65
      type=AVC msg=audit(1718007819.555:218): avc:  denied  { map_read map_write } for  pid=1717 comm="systemd-gpt-aut" scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0  
      type=SYSCALL msg=audit(1718007819.555:218): arch=c000003e syscall=59 success=yes exit=0 a0=55b101885e80 a1=7ffcfff4a810 a2=55b101652ad0 a3=ffffffff items=0 ppid=1710 pid=1717 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-gpt-aut" exe="/usr/lib/systemd/system-generators/systemd-gpt-auto-generator" subj=system_u:system_r:systemd_gpt_generator_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
      type=EXECVE msg=audit(1718007819.555:218): argc=4 a0="/usr/lib/systemd/system-generators/systemd-gpt-auto-generator" a1="/run/systemd/generator" a2="/run/systemd/generator.early" a3="/run/systemd/generator.late"
      type=PROCTITLE msg=audit(1718007819.555:218): proctitle=2F7573722F6C69622F73797374656D642F73797374656D2D67656E657261746F72732F73797374656D642D6770742D6175746F2D67656E657261746F72002F72756E2F73797374656D642F67656E657261746F72002F72756E2F73797374656D642F67656E657261746F722E6561726C79002F72756E2F73797374656D642F67
      type=AVC msg=audit(1718007819.558:219): avc:  denied  { map_read map_write } for  pid=1721 comm="systemd-rc-loca" scontext=system_u:system_r:systemd_rc_local_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
      type=AVC msg=audit(1718007819.559:220): avc:  denied  { map_read map_write } for  pid=1724 comm="systemd-sysv-ge" scontext=system_u:system_r:systemd_sysv_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0 
      type=SYSCALL msg=audit(1718007819.558:219): arch=c000003e syscall=59 success=yes exit=0 a0=55b1015d17a0 a1=7ffcfff4a810 a2=55b101652ad0 a3=ffffffff items=0 ppid=1710 pid=1721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-rc-loca" exe="/usr/lib/systemd/system-generators/systemd-rc-local-generator" subj=system_u:system_r:systemd_rc_local_generator_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
      type=EXECVE msg=audit(1718007819.558:219): argc=4 a0="/usr/lib/systemd/system-generators/systemd-rc-local-generator" a1="/run/systemd/generator" a2="/run/systemd/generator.early" a3="/run/systemd/generator.late"
      type=PROCTITLE msg=audit(1718007819.558:219): proctitle=2F7573722F6C69622F73797374656D642F73797374656D2D67656E657261746F72732F73797374656D642D72632D6C6F63616C2D67656E657261746F72002F72756E2F73797374656D642F67656E657261746F72002F72756E2F73797374656D642F67656E657261746F722E6561726C79002F72756E2F73797374656D642F67
      type=SYSCALL msg=audit(1718007819.559:220): arch=c000003e syscall=59 success=yes exit=0 a0=55b1016b4ec0 a1=7ffcfff4a810 a2=55b101652ad0 a3=ffffffff items=0 ppid=1710 pid=1724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-sysv-ge" exe="/usr/lib/systemd/system-generators/systemd-sysv-generator" subj=system_u:system_r:systemd_sysv_generator_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
      type=EXECVE msg=audit(1718007819.559:220): argc=4 a0="/usr/lib/systemd/system-generators/systemd-sysv-generator" a1="/run/systemd/generator" a2="/run/systemd/generator.early" a3="/run/systemd/generator.late"
      type=PROCTITLE msg=audit(1718007819.559:220): proctitle=2F7573722F6C69622F73797374656D642F73797374656D2D67656E657261746F72732F73797374656D642D737973762D67656E657261746F72002F72756E2F73797374656D642F67656E657261746F72002F72756E2F73797374656D642F67656E657261746F722E6561726C79002F72756E2F73797374656D642F67656E6572
      

      selinux-policy-40.13.2-1.el10.noarch
      systemd-udev-255.3-1.el10.x86_64
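
An added example, not part of the ticket or of any Red Hat tooling: a small triage script that groups audit records by event serial (the records for events 219 and 220 are interleaved in the log above) and reduces each denial to source type, target type, class, permissions and the executable from the matching SYSCALL record. The sample input is constructed by abbreviating records from the log above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: records abbreviated from the log above (fields trimmed,
# PROCTITLE hex shortened). Events 219 and 220 are interleaved, as in the log.
SAMPLE = """\
type=AVC msg=audit(1718007819.558:219): avc:  denied  { map_read map_write } for  pid=1721 comm="systemd-rc-loca" scontext=system_u:system_r:systemd_rc_local_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
type=AVC msg=audit(1718007819.559:220): avc:  denied  { map_read map_write } for  pid=1724 comm="systemd-sysv-ge" scontext=system_u:system_r:systemd_sysv_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
type=SYSCALL msg=audit(1718007819.558:219): arch=c000003e syscall=59 success=yes exit=0 pid=1721 comm="systemd-rc-loca" exe="/usr/lib/systemd/system-generators/systemd-rc-local-generator" subj=system_u:system_r:systemd_rc_local_generator_t:s0
type=SYSCALL msg=audit(1718007819.559:220): arch=c000003e syscall=59 success=yes exit=0 pid=1724 comm="systemd-sysv-ge" exe="/usr/lib/systemd/system-generators/systemd-sysv-generator" subj=system_u:system_r:systemd_sysv_generator_t:s0
type=PROCTITLE msg=audit(1718007819.559:220): proctitle=2F7573722F6C6962002F72756E
"""

HEADER = re.compile(r"^type=(\w+) msg=audit\(\d+\.\d+:(\d+)\): (.*)$", re.M)
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{ ([^}]*)\} for\s+(.*)$")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields_of(text):
    return {k: v.strip('"') for k, v in KV.findall(text)}

def parse_events(text):
    """Group records by audit serial; all records of one event share it."""
    events = defaultdict(dict)
    for rtype, serial, body in HEADER.findall(text):
        ev = events[int(serial)]
        if rtype == "AVC" and (a := AVC.search(body)):
            f = fields_of(a.group(3))
            ev.update(result=a.group(1), perms=tuple(a.group(2).split()),
                      # A context is user:role:type:level; keep only the type.
                      source=f["scontext"].split(":")[2],
                      target=f["tcontext"].split(":")[2], tclass=f["tclass"])
        elif rtype == "SYSCALL":
            ev["exe"] = fields_of(body).get("exe")
        elif rtype == "PROCTITLE":
            raw = body.split("=", 1)[1]
            # Hex-encoded when argv contains NUL separators; quoted otherwise.
            ev["argv"] = (raw.strip('"').split() if raw.startswith('"')
                          else bytes.fromhex(raw).decode(errors="replace").split("\0"))
    return dict(events)

def denials(text):
    """One (serial, source, target, class, perms, exe) tuple per denied AVC."""
    return sorted((s, e["source"], e["target"], e["tclass"], e["perms"], e.get("exe"))
                  for s, e in parse_events(text).items()
                  if e.get("result") == "denied")
```
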

      rhn-support-zpytela Zdenek Pytela
      rhn-support-ppisar Petr Pisar
      Zdenek Pytela
      SSG Security QE