- Bug
- Resolution: Duplicate
- rhel-9.5
- rhel-sst-security-selinux
- ssg_security
What were you trying to do that didn't work?
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33

selinux-policy-38.1.41-1.el9.noarch

----
time->Fri Jul 19 02:32:25 2024
type=PROCTITLE msg=audit(1721370745.616:153): proctitle="(sd-parse-elf)"
type=SYSCALL msg=audit(1721370745.616:153): arch=c000003e syscall=308 success=no exit=-1 a0=7 a1=20000 a2=fffffff7 a3=7ffda8fa8200 items=0 ppid=3174 pid=3185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(sd-parse-elf)" exe="/usr/lib/systemd/systemd-coredump" subj=system_u:system_r:systemd_coredump_t:s0 key=(null)
type=AVC msg=audit(1721370745.616:153): avc: denied { sys_chroot } for pid=3185 comm="(sd-parse-elf)" capability=18 scontext=system_u:system_r:systemd_coredump_t:s0 tcontext=system_u:system_r:systemd_coredump_t:s0 tclass=capability permissive=0
Please provide the package NVR for which bug is seen:
selinux-policy-38.1.41-1.el9.noarch
How reproducible:
always
Steps to reproduce
- boot with rhel-9.5
- run https://gitlab.com/redhat/centos-stream/tests/kernel/kernel-tests/-/archive/main/kernel-tests-main.tar.gz#rt-tests/rt_ssdd
Expected results
No avc_check failure
Actual results
https://beaker.engineering.redhat.com/recipes/16591605#task180866663,task180866665
- duplicates: RHEL-45245 [RHEL-9.5] SELinux denials appear when sd-parse-elf is executed by systemd-coredump (Closed)