-
Bug
-
Resolution: Won't Do
-
Undefined
-
None
-
rhel-8.10
-
None
-
None
-
rhel-sst-security-selinux
-
ssg_security
-
None
-
False
-
-
None
-
Red Hat Enterprise Linux
-
None
-
None
-
Automated
-
Unspecified
-
None
What were you trying to do that didn't work?
My user is mapped to staff_u. I have session recording enabled. When I log in to the system I see:
Permission denied Failed creating lock file /var/run/tlog/session.19.lock
Please provide the package NVR for which bug is seen:
selinux-policy-3.14.3-139.el8_10.noarch
How reproducible:
Very
Steps to reproduce
- Enable session recording
==> /etc/sssd/conf.d/session-recording.conf <== [session_recording] scope = all
- Restart sssd
- Create a user mapped to staff_u
- Log in as the user
Expected results
No error messages when logging in
Actual results
Messages printed when logging in:
Permission denied Failed creating lock file /var/run/tlog/session.19.lock
AVC denial:
----
type=PROCTITLE msg=audit(04/07/24 10:14:49.421:4531) : proctitle=-tlog-rec-session
type=SYSCALL msg=audit(04/07/24 10:14:49.421:4531) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x5607c9989f70 a2=O_RDONLY|O_CREAT|O_EXCL a3=0x180 items=0 ppid=598207 pid=598208 auid=sam uid=sam gid=sam euid=tlog suid=tlog fsuid=tlog egid=tlog sgid=tlog fsgid=tlog tty=pts4 ses=19 comm=tlog-rec-sessio exe=/usr/bin/tlog-rec-session subj=staff_u:staff_r:staff_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(04/07/24 10:14:49.421:4531) : avc: denied { create } for pid=598208 comm=tlog-rec-sessio name=session.19.lock scontext=staff_u:staff_r:staff_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_run_t:s0 tclass=file permissive=0
- is cloned by
-
-
- Planning
-
- links to
