-
Bug
-
Resolution: Done-Errata
-
Major
-
CentOS Stream 9
-
selinux-policy-38.1.44-1.el9
-
None
-
None
-
rhel-sst-security-selinux
-
ssg_security
-
25
-
None
-
False
-
-
No
-
None
-
Unspecified Release Note Type - Unknown
-
None
What were you trying to do that didn't work?
Use systemd-network-generator.service in a build of SCOS (Stream CoreOS).
Please provide the package NVR for which bug is seen:
selinux-policy-38.1.41-1.el9.noarch (c9s-baseos)
systemd-252-38.el9.x86_64 (c9s-baseos)
How reproducible:
Always
Steps to reproduce
- Build SCOS (using `--variant c9s` (see step 4 in https://coreos.github.io/coreos-assembler/working/#im-a-contributor-investigating-a-coreos-bug-how-can-i-test-my-fixes)
- Run e.g. `coreos-assembler kola run ext.config.shared.networking.nameserver`
Expected results
Test passes
Actual results
Jul 10 15:16:27.352220 kernel: audit: type=1400 audit(1720624587.157:4): avc: denied { create } for pid=1365 comm="systemd-network" name=".#networkLisqyO" scontext=system_u:system_r:systemd_network_generator_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0
- blocks
-
COS-2842 Stand up the c9s stream in the RHCOS pipeline
- Closed
- is duplicated by
-
RHEL-44638 SELinux is preventing systemd-networkd from accessing /var/run
- Closed
- links to
-
RHBA-2024:130707 selinux-policy bug fix and enhancement update