Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-46808

denied { getattr } for comm="httpd" path="/usr/lib/systemd/system/dirsrv@.service"

    • sst_security_selinux
    • ssg_security
    • 1
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • None
    • None
    • Unspecified Release Note Type - Unknown
    • x86_64
    • None

      What were you trying to do that didn't work?

      Please provide the package NVR for which bug is seen:

      selinux-policy-38.1.40-1.el9.noarch
      selinux-policy-targeted-38.1.40-1.el9.noarch
      ipa-selinux-4.12.0-4.el9.noarch
      ipa-server-4.12.0-4.el9.x86_64
      389-ds-base-2.5.1-1.el9.x86_64

      How reproducible: Always

      Steps to reproduce

      1. Performing ds-migration-functional tests

      Expected results

      Fix the AVC denials.

      Actual results

      type=PROCTITLE msg=audit(1720126970.434:4065): proctitle=28777367693A697061292020202020002D44464F524547524F554E44 type=PATH msg=audit(1720126970.434:4065): item=0 name="/usr/lib/systemd/system/dirsrv@.service" inode=14699 dev=fc:04 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:dirsrv_unit_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 type=CWD msg=audit(1720126970.434:4065): cwd="/" type=SYSCALL msg=audit(1720126970.434:4065): arch=c000003e syscall=262 success=no exit=-13 a0=ffffff9c a1=7ffaa000a690 a2=7ffaa1863420 a3=0 items=1 ppid=36225 pid=36232 auid=4294967295 uid=991 gid=987 euid=991 suid=991 fsuid=991 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1720126970.434:4065): avc: denied { getattr } for pid=36232 comm="httpd" path="/usr/lib/systemd/system/dirsrv@.service" dev="vda4" ino=14699 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:dirsrv_unit_file_t:s0 tclass=file permissive=0

            rhn-support-zpytela Zdenek Pytela
            sumenon@redhat.com Sudhir Menon
            Zdenek Pytela Zdenek Pytela
            SSG Security QE SSG Security QE
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: