Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-50012

[RHEL-9.5] SELinux: avc: denied { sys_chroot } for pid=3185 comm="(sd-parse-elf)"

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Undefined Undefined
    • None
    • rhel-9.5
    • selinux-policy
    • None
    • None
    • None
    • sst_security_selinux
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
selinux-policy-38.1.41-1.el9.noarch
----
time->Fri Jul 19 02:32:25 2024
type=PROCTITLE msg=audit(1721370745.616:153): proctitle="(sd-parse-elf)"
type=SYSCALL msg=audit(1721370745.616:153): arch=c000003e syscall=308 success=no exit=-1 a0=7 a1=20000 a2=fffffff7 a3=7ffda8fa8200 items=0 ppid=3174 pid=3185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(sd-parse-elf)" exe="/usr/lib/systemd/systemd-coredump" subj=system_u:system_r:systemd_coredump_t:s0 key=(null)
type=AVC msg=audit(1721370745.616:153): avc:  denied  { sys_chroot } for  pid=3185 comm="(sd-parse-elf)" capability=18  scontext=system_u:system_r:systemd_coredump_t:s0 tcontext=system_u:system_r:systemd_coredump_t:s0 tclass=capability permissive=0

      Please provide the package NVR for which bug is seen:

      selinux-policy-38.1.41-1.el9.noarch

      How reproducible:

      always

      Steps to reproduce

      1.  boot with rhel-9.5 
      2. run https://gitlab.com/redhat/centos-stream/tests/kernel/kernel-tests/-/archive/main/kernel-tests-main.tar.gz#rt-tests/rt_ssdd 
      3.  

      Expected results

      No avc_check failure

      Actual results

      https://beaker.engineering.redhat.com/recipes/16591605#task180866663,task180866665 

            rhn-support-zpytela Zdenek Pytela
            yinchang0124 Chang Yin
            Zdenek Pytela Zdenek Pytela
            Milos Malik Milos Malik
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: