-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-9.5
-
None
-
None
-
rhel-sst-security-selinux
-
ssg_security
-
1
-
False
-
-
No
-
None
-
None
-
None
-
Unspecified Release Note Type - Unknown
-
-
x86_64
-
None
What were you trying to do that didn't work?
Please provide the package NVR for which bug is seen:
selinux-policy-38.1.40-1.el9.noarch
selinux-policy-targeted-38.1.40-1.el9.noarch
ipa-selinux-4.12.0-4.el9.noarch
ipa-server-4.12.0-4.el9.x86_64
389-ds-base-2.5.1-1.el9.x86_64
How reproducible: Always
Steps to reproduce
1. Performing ds-migration-functional tests
Expected results
Fix the AVC denials.
Actual results
type=PROCTITLE msg=audit(1720126970.434:4065): proctitle=28777367693A697061292020202020002D44464F524547524F554E44 type=PATH msg=audit(1720126970.434:4065): item=0 name="/usr/lib/systemd/system/dirsrv@.service" inode=14699 dev=fc:04 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:dirsrv_unit_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 type=CWD msg=audit(1720126970.434:4065): cwd="/" type=SYSCALL msg=audit(1720126970.434:4065): arch=c000003e syscall=262 success=no exit=-13 a0=ffffff9c a1=7ffaa000a690 a2=7ffaa1863420 a3=0 items=1 ppid=36225 pid=36232 auid=4294967295 uid=991 gid=987 euid=991 suid=991 fsuid=991 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1720126970.434:4065): avc: denied { getattr } for pid=36232 comm="httpd" path="/usr/lib/systemd/system/dirsrv@.service" dev="vda4" ino=14699 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:dirsrv_unit_file_t:s0 tclass=file permissive=0
- is cloned by
-
RHEL-62706 denied { getattr } for comm="httpd" path="/usr/lib/systemd/system/dirsrv@.service"
- Planning