Bug
Resolution: Unresolved
rhel-8.10, rhel-8.10.z, rhel-9.3.0, rhel-9.6, rhel-9.8
rhel-idm-ipa
ssg_idm
RHEL JIRAS rhel-idm-ipa
Description of problem: AVC denials are seen in STIG mode.
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
-ipa-replica-promotion
Actual results:
time->Fri Jun 16 05:25:15 2023
node=master.testrealm.test type=PROCTITLE msg=audit(1686907515.354:137703): proctitle=2F7573722F62696E2F706B31327574696C002D640073716C3A2F6574632F706B692F706B692D746F6D6361742F616C696173002D6F002F746D702F746D7067776632786462632F6578706F72742E703132002D6E0073756273797374656D4365727420636572742D706B692D6361002D6B002F6574632F706B692F706B692D74
node=master.testrealm.test type=PATH msg=audit(1686907515.354:137703): item=0 name="/run/pcscd/pcscd.comm" inode=920 dev=00:18 mode=0140666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:pcscd_var_run_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
node=master.testrealm.test type=CWD msg=audit(1686907515.354:137703): cwd="/"
node=master.testrealm.test type=SYSCALL msg=audit(1686907515.354:137703): arch=c000003e syscall=262 success=no exit=-13 a0=ffffff9c a1=7f1086e13040 a2=7fff8c8a09b0 a3=0 items=1 ppid=19257 pid=19258 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="pk12util" exe="/usr/bin/pk12util" subj=system_u:system_r:ipa_custodia_t:s0 key=(null)
node=master.testrealm.test type=AVC msg=audit(1686907515.354:137703): avc: denied
for pid=19258 comm="pk12util" path="/run/pcscd/pcscd.comm" dev="tmpfs" ino=920 scontext=system_u:system_r:ipa_custodia_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0 tclass=sock_file permissive=0
Expected results:
Fix selinux denial messages.
Additional info:
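For triage of records like the ones above, this added Python example (not part of the original report or of any Red Hat tooling) groups audit records by event serial, decodes the hex-encoded `proctitle` into its argument list, and extracts the source and target SELinux types from the AVC record, tolerating an AVC line whose permission set is missing. The sample log is constructed from field values in the report, and the names `summarize` and `decode_proctitle` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the report's records. The proctitle hex is
# built here from a NUL-separated argv, not copied from the report.
ARGV = b"/usr/bin/pk12util\x00-d\x00sql:/etc/pki/pki-tomcat/alias"
SAMPLE = "\n".join([
    "type=PROCTITLE msg=audit(1686907515.354:137703): proctitle=" + ARGV.hex().upper(),
    'type=AVC msg=audit(1686907515.354:137703): avc:  denied  for pid=19258 '
    'comm="pk12util" path="/run/pcscd/pcscd.comm" '
    "scontext=system_u:system_r:ipa_custodia_t:s0 "
    "tcontext=system_u:object_r:pcscd_var_run_t:s0 tclass=sock_file permissive=0",
])

HEADER = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\): ?(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_proctitle(value):
    """Return argv from a proctitle value (hex when argv contains NULs)."""
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        return [value.strip('"')]  # titles without NULs are logged quoted
    return [a.decode("utf-8", "replace") for a in raw.split(b"\x00") if a]

def summarize(log):
    """Group records by audit serial; return one summary per AVC denial."""
    events = defaultdict(dict)
    for line in log.splitlines():
        m = HEADER.search(line)
        if m:
            events[m.group(2)][m.group(1)] = m.group(3)
    out = []
    for serial, recs in events.items():
        if "AVC" not in recs:
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(recs["AVC"])}
        perms = re.search(r"\{([^}]*)\}", recs["AVC"])
        title = recs.get("PROCTITLE", "").partition("proctitle=")[2]
        out.append({
            "serial": serial,
            "perms": perms.group(1).split() if perms else [],  # may be missing
            "source_type": f.get("scontext", ":::").split(":")[2],
            "target_type": f.get("tcontext", ":::").split(":")[2],
            "tclass": f.get("tclass"),
            "path": f.get("path"),
            "argv": decode_proctitle(title) if title else [],
        })
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The header pattern uses a search rather than a full-line match, so lines that carry a leading `node=` field, as in the report, are parsed the same way.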