Bug
Resolution: Duplicate
Minor
rhel-9.5
rhel-sst-security-selinux
ssg_security
x86_64
What were you trying to do that didn't work?
Running the Cockpit test suite generates a systemd-networkd SELinux violation. This is a new access error which happens after:
selinux-policy (38.1.39-1.el9 -> 38.1.40-1.el9)
selinux-policy-targeted (38.1.39-1.el9 -> 38.1.40-1.el9)
systemd (252-35.el9 -> 252-37.el9)
systemd-container (252-35.el9 -> 252-37.el9)
systemd-libs (252-35.el9 -> 252-37.el9)
systemd-pam (252-35.el9 -> 252-37.el9)
systemd-resolved (252-35.el9 -> 252-37.el9)
systemd-rpm-macros (252-35.el9 -> 252-37.el9)
systemd-udev (252-35.el9 -> 252-37.el9)
Please provide the package NVR for which bug is seen:
selinux-policy 38.1.40-1.el9
How reproducible:
Steps to reproduce
Expected results
No SELinux issue
Actual results
Jun 24 06:09:21 rhel-9-5-127-0-0-2-2201 kernel: audit: type=1404 audit(1719223760.939:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
Jun 24 06:09:21 rhel-9-5-127-0-0-2-2201 kernel: audit: type=1403 audit(1719223760.990:3): auid=4294967295 ses=4294967295 lsm=selinux res=1
Jun 24 06:09:21 rhel-9-5-127-0-0-2-2201 kernel: audit: type=1400 audit(1719223761.459:4): avc: denied for pid=929 comm="systemd-network" name=".#networkayixSB" scontext=system_u:system_r:systemd_network_generator_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0
[root@rhel-9-5-127-0-0-2-2201 ~]# systemctl --failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● kdump.service loaded failed failed Crash recovery kernel arming
● systemd-network-generator.service loaded failed failed Generate network units from Kernel command line
duplicates: RHEL-47033 systemd-network-generator.service hitting AVC denials (Closed)
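
A triage helper for the denial shown in the report above, added here as an example; it is not part of the original report or of any Red Hat tooling. It parses kernel `type=1400` AVC records into source type, target type and object class, and tolerates a record whose permission set is absent, as in the record on this page. The function names and the second sample record are constructed for illustration.

```python
import re
from collections import Counter

# Sample input: the SELinux status record and the AVC record from the report (the AVC
# record's line break joined), plus one CONSTRUCTED record that carries a permission set.
SAMPLE = """\
Jun 24 06:09:21 rhel-9-5-127-0-0-2-2201 kernel: audit: type=1404 audit(1719223760.939:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
Jun 24 06:09:21 rhel-9-5-127-0-0-2-2201 kernel: audit: type=1400 audit(1719223761.459:4): avc: denied for pid=929 comm="systemd-network" name=".#networkayixSB" scontext=system_u:system_r:systemd_network_generator_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0
Jun 24 06:09:22 host.example kernel: audit: type=1400 audit(1719223762.100:5): avc:  denied  { read } for  pid=1000 comm="demo" name="x" scontext=system_u:system_r:demo_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
"""

# The "{ perm ... }" group is optional so that a record without it still parses.
AVC_RE = re.compile(
    r"type=1400 audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+"
    r"(?:\{(?P<perms>[^}]*)\}\s+)?for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m["rest"])}
    rec["serial"] = int(m["serial"])
    rec["perms"] = m["perms"].split() if m["perms"] else []  # [] = not recorded
    # SELinux contexts are user:role:type:level; policy rules are written on types.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    rec["enforced"] = rec.get("permissive") == "0"  # permissive=0: access was blocked
    return rec


def summarize(log):
    """Count denials per (source type, target type, class, enforced) tuple."""
    recs = [r for r in map(parse_avc, log.splitlines()) if r]
    return Counter(
        (r["source_type"], r["target_type"], r["tclass"], r["enforced"]) for r in recs
    )


if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```
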