- Bug
- Resolution: Unresolved
- Normal
- rhel-10.0.beta
- selinux-policy-40.13.7-1.el10
- None
- None
- sst_security_selinux
- ssg_security
- 25
- None
- QE ack
- False
- No
- .NET, AMQ Streams
- None
- Pass
- Automated
- Unspecified Release Note Type - Unknown
- None
What were you trying to do that didn't work?
I'm running automated booth tests in Beaker.
Beaker job: https://beaker.engineering.redhat.com/recipes/16473538#task179986342,task179986343,task179986344
This is new in RHEL10 and is not happening with RHEL9.
AVC report:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
selinux-policy-40.13.2-1.el10.noarch
----
time->Tue Jul 2 09:31:59 2024
type=PROCTITLE msg=audit(1719927119.064:1036): proctitle=626F6F746864006461656D6F6E002D63002F6574632F626F6F74682F626F6F74682E636F6E66
type=SYSCALL msg=audit(1719927119.064:1036): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7fe048ca39cf a2=90800 a3=0 items=0 ppid=13894 pid=13949 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="boothd" exe="/usr/sbin/boothd" subj=system_u:system_r:boothd_t:s0 key=(null)
type=AVC msg=audit(1719927119.064:1036): avc: denied { read } for pid=13949 comm="boothd" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
----
time->Tue Jul 2 09:31:59 2024
type=PROCTITLE msg=audit(1719927119.064:1037): proctitle=626F6F746864006461656D6F6E002D63002F6574632F626F6F74682F626F6F74682E636F6E66
type=SYSCALL msg=audit(1719927119.064:1037): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7fe048ca39cf a2=90800 a3=0 items=0 ppid=13894 pid=13949 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="boothd" exe="/usr/sbin/boothd" subj=system_u:system_r:boothd_t:s0 key=(null)
type=AVC msg=audit(1719927119.064:1037): avc: denied { read } for pid=13949 comm="boothd" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
----
time->Tue Jul 2 09:32:00 2024
type=PROCTITLE msg=audit(1719927120.078:1039): proctitle=626F6F7468006C697374002D63002F6574632F626F6F74682F626F6F74682E636F6E66
type=SYSCALL msg=audit(1719927120.078:1039): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f37458709cf a2=90800 a3=0 items=0 ppid=13894 pid=13957 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="booth" exe="/usr/sbin/boothd" subj=system_u:system_r:boothd_t:s0 key=(null)
type=AVC msg=audit(1719927120.078:1039): avc: denied { read } for pid=13957 comm="booth" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
----
time->Tue Jul 2 09:32:00 2024
type=PROCTITLE msg=audit(1719927120.079:1040): proctitle=626F6F7468006C697374002D63002F6574632F626F6F74682F626F6F74682E636F6E66
type=SYSCALL msg=audit(1719927120.079:1040): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f37458709cf a2=90800 a3=0 items=0 ppid=13894 pid=13957 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="booth" exe="/usr/sbin/boothd" subj=system_u:system_r:boothd_t:s0 key=(null)
type=AVC msg=audit(1719927120.079:1040): avc: denied { read } for pid=13957 comm="booth" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
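Added example, not part of the original report: a small triage script that groups the audit records above by event id, decodes the hex `proctitle` into the command line, and names the `openat` flags in `a2`, showing that each denial is a read-only directory open of `userdb` by `boothd_t`. `SAMPLE` is copied from events 1036 and 1039 of the report with the SYSCALL lines shortened; the function names are this example's own.

```python
import re
from collections import Counter

# Excerpt of the AVC report above: events 1036 and 1039, SYSCALL lines cut to the fields used.
SAMPLE = """\
type=PROCTITLE msg=audit(1719927119.064:1036): proctitle=626F6F746864006461656D6F6E002D63002F6574632F626F6F74682F626F6F74682E636F6E66
type=SYSCALL msg=audit(1719927119.064:1036): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7fe048ca39cf a2=90800 a3=0 comm="boothd" exe="/usr/sbin/boothd"
type=AVC msg=audit(1719927119.064:1036): avc: denied { read } for pid=13949 comm="boothd" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
type=PROCTITLE msg=audit(1719927120.078:1039): proctitle=626F6F7468006C697374002D63002F6574632F626F6F74682F626F6F74682E636F6E66
type=SYSCALL msg=audit(1719927120.078:1039): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f37458709cf a2=90800 a3=0 comm="booth" exe="/usr/sbin/boothd"
type=AVC msg=audit(1719927120.078:1039): avc: denied { read } for pid=13957 comm="booth" name="userdb" dev="tmpfs" ino=47 scontext=system_u:system_r:boothd_t:s0 tcontext=system_u:object_r:systemd_userdbd_runtime_t:s0 tclass=dir permissive=0
"""

# open(2) flag bits on x86_64 (arch=c000003e), limited to the ones this report needs.
OPEN_FLAGS = {0x800: "O_NONBLOCK", 0x10000: "O_DIRECTORY", 0x80000: "O_CLOEXEC"}
ACCESS = {0: "O_RDONLY", 1: "O_WRONLY", 2: "O_RDWR"}
EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_proctitle(hex_value):
    """Turn a hex-encoded proctitle back into argv (arguments are NUL-separated)."""
    return bytes.fromhex(hex_value).decode("utf-8", "replace").split("\x00")

def decode_open_flags(a2_hex):
    """Name the flags in the a2 argument of openat (syscall 257)."""
    flags = int(a2_hex, 16)
    return [ACCESS.get(flags & 3, "O_ACCMODE")] + [n for b, n in OPEN_FLAGS.items() if flags & b]

def parse_events(text):
    """Group records by audit event id: {id: {record type: {field: value}}}."""
    events = {}
    for line in text.splitlines():
        match = EVENT_ID.search(line)
        if match:
            fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
            if fields["type"] == "AVC":
                fields["perms"] = re.search(r"\{([^}]*)\}", line).group(1).split()
            events.setdefault(match.group(1), {})[fields["type"]] = fields
    return events

def summarize(text):
    """Count denials per (source type, target type, class, perms, argv, open flags)."""
    counts = Counter()
    for event in parse_events(text).values():
        if {"AVC", "PROCTITLE", "SYSCALL"} <= event.keys():
            avc = event["AVC"]
            argv = " ".join(decode_proctitle(event["PROCTITLE"]["proctitle"]))
            flags = "|".join(decode_open_flags(event["SYSCALL"]["a2"]))
            counts[(avc["scontext"].split(":")[2], avc["tcontext"].split(":")[2],
                    avc["tclass"], " ".join(avc["perms"]), argv, flags)] += 1
    return counts
```

Calling `summarize()` on the full report text collapses the four records into two rows, one for `boothd daemon` and one for `booth list`, each counted twice.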
- blocks
  - RHEL-40410 Rebase booth to v1.2 (rhel-10.0)
    - Integration
- is duplicated by
  - RHEL-45906 AVC when running booth tests
    - Closed
- links to
  - RHBA-2024:133202 selinux-policy bug fix and enhancement update