Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-50012

[RHEL-9.5] SELinux: avc: denied { sys_chroot } for pid=3185 comm="(sd-parse-elf)"

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Undefined Undefined
    • None
    • rhel-9.5
    • selinux-policy
    • None
    • None
    • None
    • sst_security_selinux
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      SELinux status:                 enabled
      SELinuxfs mount:                /sys/fs/selinux
      SELinux root directory:         /etc/selinux
      Loaded policy name:             targeted
      Current mode:                   enforcing
      Mode from config file:          enforcing
      Policy MLS status:              enabled
      Policy deny_unknown status:     allowed
      Memory protection checking:     actual (secure)
      Max kernel policy version:      33
      selinux-policy-38.1.41-1.el9.noarch
      ----
      time->Fri Jul 19 02:32:25 2024
      type=PROCTITLE msg=audit(1721370745.616:153): proctitle="(sd-parse-elf)"
      type=SYSCALL msg=audit(1721370745.616:153): arch=c000003e syscall=308 success=no exit=-1 a0=7 a1=20000 a2=fffffff7 a3=7ffda8fa8200 items=0 ppid=3174 pid=3185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(sd-parse-elf)" exe="/usr/lib/systemd/systemd-coredump" subj=system_u:system_r:systemd_coredump_t:s0 key=(null)
      type=AVC msg=audit(1721370745.616:153): avc:  denied  { sys_chroot } for  pid=3185 comm="(sd-parse-elf)" capability=18  scontext=system_u:system_r:systemd_coredump_t:s0 tcontext=system_u:system_r:systemd_coredump_t:s0 tclass=capability permissive=0 

      Please provide the package NVR for which bug is seen:

      selinux-policy-38.1.41-1.el9.noarch

      How reproducible:

      always

      Steps to reproduce

      1.  boot with rhel-9.5 
      2. run https://gitlab.com/redhat/centos-stream/tests/kernel/kernel-tests/-/archive/main/kernel-tests-main.tar.gz#rt-tests/rt_ssdd 
      3.  

      Expected results

      No avc_check failure

      Actual results

      https://beaker.engineering.redhat.com/recipes/16591605#task180866663,task180866665 

            rhn-support-zpytela Zdenek Pytela
            yinchang0124 Chang Yin
            Zdenek Pytela Zdenek Pytela
            Milos Malik Milos Malik
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: