• selinux-policy-40.13.7-1.el10
    • None
    • None
    • rhel-sst-security-selinux
    • ssg_security
    • 25
    • None
    • QE ack
    • False
    • No
    • .NET, AMQ Streams
    • None
    • SELinux policy allows the boothd services to read the /run/systemd/userdb/ directory.
    • Pass
    • Automated
    • Unspecified Release Note Type - Unknown
    • None

      What were you trying to do that didn't work?

      I'm running automated booth tests in Beaker.

      Beaker job: https://beaker.engineering.redhat.com/recipes/16473538#task179986342,task179986343,task179986344

      This is new in RHEL10 and is not happening with RHEL9.

      AVC report:

      SELinux status:                 enabled
      SELinuxfs mount:                /sys/fs/selinux
      SELinux root directory:         /etc/selinux
      Loaded policy name:             targeted
      Current mode:                   enforcing
      Mode from config file:          enforcing
      Policy MLS status:              enabled
      Policy deny_unknown status:     allowed
      Memory protection checking:     actual (secure)
      Max kernel policy version:      33
      selinux-policy-40.13.2-1.el10.noarch
      ----
      time->Tue Jul  2 09:31:59 2024
      type=PROCTITLE msg=audit(1719927119.064:1036): proctitle=626F6F746864006461656D6F6E002D63002F6574632F626F6F74682F626F6F74682E636F6E66
      type=SYSCALL msg=audit(1719927119.064:1036): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7fe048ca39cf a2=90800 a3=0 items=0 ppid=13894 pid=13949 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="boothd" exe="/usr/sbin/boothd" subj=system_u:system_r:boothd_t:s0 key=(null)
      type=AVC msg=audit(1719927119.064:1036): avc:  denied  { read } for  pid=13949 comm="boothd" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
      ----
      time->Tue Jul  2 09:31:59 2024
      type=PROCTITLE msg=audit(1719927119.064:1037): proctitle=626F6F746864006461656D6F6E002D63002F6574632F626F6F74682F626F6F74682E636F6E66
      type=SYSCALL msg=audit(1719927119.064:1037): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7fe048ca39cf a2=90800 a3=0 items=0 ppid=13894 pid=13949 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="boothd" exe="/usr/sbin/boothd" subj=system_u:system_r:boothd_t:s0 key=(null)
      type=AVC msg=audit(1719927119.064:1037): avc:  denied  { read } for  pid=13949 comm="boothd" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
      ----
      time->Tue Jul  2 09:32:00 2024
      type=PROCTITLE msg=audit(1719927120.078:1039): proctitle=626F6F7468006C697374002D63002F6574632F626F6F74682F626F6F74682E636F6E66
      type=SYSCALL msg=audit(1719927120.078:1039): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f37458709cf a2=90800 a3=0 items=0 ppid=13894 pid=13957 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="booth" exe="/usr/sbin/boothd" subj=system_u:system_r:boothd_t:s0 key=(null)
      type=AVC msg=audit(1719927120.078:1039): avc:  denied  { read } for  pid=13957 comm="booth" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
      ----
      time->Tue Jul  2 09:32:00 2024
      type=PROCTITLE msg=audit(1719927120.079:1040): proctitle=626F6F7468006C697374002D63002F6574632F626F6F74682F626F6F74682E636F6E66
      type=SYSCALL msg=audit(1719927120.079:1040): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f37458709cf a2=90800 a3=0 items=0 ppid=13894 pid=13957 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="booth" exe="/usr/sbin/boothd" subj=system_u:system_r:boothd_t:s0 key=(null)
      type=AVC msg=audit(1719927120.079:1040): avc:  denied  { read } for  pid=13957 comm="booth" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
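
A triage sketch for the report above, added here as an example and not part of the original issue or of the selinux-policy project: it decodes the hex `proctitle` fields and collapses the repeated AVC records into one entry per (source type, target type, class, permission). The sample holds two of the four events from the report with the SYSCALL lines left out; the function names are hypothetical.

```python
import re

# Constructed sample: two of the four events from the report, SYSCALL lines omitted.
SAMPLE = """\
type=PROCTITLE msg=audit(1719927119.064:1036): proctitle=626F6F746864006461656D6F6E002D63002F6574632F626F6F74682F626F6F74682E636F6E66
type=AVC msg=audit(1719927119.064:1036): avc:  denied  { read } for  pid=13949 comm="boothd" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
type=PROCTITLE msg=audit(1719927120.078:1039): proctitle=626F6F7468006C697374002D63002F6574632F626F6F74682F626F6F74682E636F6E66
type=AVC msg=audit(1719927120.078:1039): avc:  denied  { read } for  pid=13957 comm="booth" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
"""

EVENT = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)")
AVC = re.compile(r"avc:\s+denied\s+\{ ([^}]+) \} for .*?scontext=(\S+) "
                 r"tcontext=(\S+) tclass=(\S+) permissive=(\d)")

def decode_proctitle(value):
    """argv is hex-encoded with NUL separators; quoted plain titles pass through."""
    try:
        return bytes.fromhex(value).replace(b"\x00", b" ").decode("utf-8", "replace")
    except ValueError:
        return value.strip('"')

def summarize(log):
    """Group AVC denials by (source type, target type, class, perms)."""
    titles, avcs = {}, []
    for line in log.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        rtype, event_id, body = m.groups()
        if rtype == "PROCTITLE":
            titles[event_id] = decode_proctitle(body.partition("proctitle=")[2])
        elif rtype == "AVC" and (a := AVC.search(body)):
            avcs.append((event_id, a.groups()))
    summary = {}
    for event_id, (perms, scon, tcon, tclass, permissive) in avcs:
        # A context is user:role:type:level, so the type is the third field.
        key = (scon.split(":")[2], tcon.split(":")[2], tclass, " ".join(sorted(perms.split())))
        entry = summary.setdefault(key, {"count": 0, "enforced": False, "commands": set()})
        entry["count"] += 1
        entry["enforced"] |= permissive == "0"
        entry["commands"].add(titles.get(event_id, "?"))
    return summary

def as_rule(key):
    """Raw rule matching the denial, for review only; not the change shipped in selinux-policy."""
    return "allow %s %s:%s { %s };" % key

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(as_rule(key), info)
```
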
      
      

              rhn-support-zpytela Zdenek Pytela
              mnovacek@redhat.com Michal Nováček
              Zdenek Pytela Zdenek Pytela
              Milos Malik Milos Malik