• Bug
    • Resolution: Unresolved
    • rhel-10.0
    • rhel-10.0.beta, rhel-10.0
    • frr
    • None
    • frr-10.1-4.el10
    • No
    • None
    • rhel-sst-cs-net-perf-services
    • ssg_core_services
    • 15
    • 1
    • False

      Some AVCs occur after frr rhel10 rebase to 10.1 https://issues.redhat.com/browse/RHEL-55747

       

      frr-10.1-3.el10

       

      Reproducible with

       
      /CoreOS/frr/Sanity/Selinux-sanity-test
      https://beaker.engineering.redhat.com/recipes/16862708#task182919758
       
      /CoreOS/frr/Multihost/basic-ospf-test 
      https://beaker.engineering.redhat.com/jobs/9778924
       
      /CoreOS/frr/Multihost/basic-rip-test
      https://beaker.engineering.redhat.com/jobs/9779040
       
       
       
      AVCs:
      type=AVC msg=audit(08/26/2024 07:55:57.424:469) : avc: denied { setattr } for pid=24003 comm=zebra name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.425:470) : avc: denied { add_name } for pid=24003 comm=zebra name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.464:471) : avc: denied { setattr } for pid=24008 comm=mgmtd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.464:472) : avc: denied { add_name } for pid=24008 comm=mgmtd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.512:473) : avc: denied { setattr } for pid=24010 comm=bgpd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.512:474) : avc: denied { add_name } for pid=24010 comm=bgpd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.572:475) : avc: denied { setattr } for pid=24017 comm=ripd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.573:476) : avc: denied { add_name } for pid=24017 comm=ripd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.599:477) : avc: denied { setattr } for pid=24020 comm=ripngd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.599:478) : avc: denied { add_name } for pid=24020 comm=ripngd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.622:479) : avc: denied { setattr } for pid=24023 comm=ospfd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.622:480) : avc: denied { add_name } for pid=24023 comm=ospfd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.653:481) : avc: denied { setattr } for pid=24026 comm=ospf6d name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.653:482) : avc: denied { add_name } for pid=24026 comm=ospf6d name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.683:483) : avc: denied { setattr } for pid=24029 comm=isisd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.683:484) : avc: denied { add_name } for pid=24029 comm=isisd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.718:485) : avc: denied { setattr } for pid=24032 comm=pimd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.719:486) : avc: denied { add_name } for pid=24032 comm=pimd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.774:487) : avc: denied { setattr } for pid=24036 comm=nhrpd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.774:488) : avc: denied { add_name } for pid=24036 comm=nhrpd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.807:489) : avc: denied { setattr } for pid=24045 comm=eigrpd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.808:490) : avc: denied { add_name } for pid=24045 comm=eigrpd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.833:491) : avc: denied { setattr } for pid=24049 comm=pbrd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.834:492) : avc: denied { add_name } for pid=24049 comm=pbrd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.855:493) : avc: denied { setattr } for pid=24052 comm=staticd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.855:494) : avc: denied { add_name } for pid=24052 comm=staticd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.877:495) : avc: denied { setattr } for pid=24055 comm=bfdd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.877:496) : avc: denied { add_name } for pid=24055 comm=bfdd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.904:497) : avc: denied { setattr } for pid=24058 comm=fabricd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0

      type=AVC msg=audit(08/26/2024 07:55:57.904:498) : avc: denied { add_name } for pid=24058 comm=fabricd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0
       
      time->Mon Aug 26 10:28:17 2024
      type=PROCTITLE msg=audit(1724682497.921:215): proctitle=2F7573722F6C6962657865632F6672722F6F73706664002D64002D4600747261646974696F6E616C002D41003132372E302E302E31
      type=SYSCALL msg=audit(1724682497.921:215): arch=c000003e syscall=257 success=no exit=-13 a0=11 a1=559c1b4b51f0 a2=241 a3=180 items=0 ppid=1 pid=10575 auid=4294967295 uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="ospfd" exe="/usr/libexec/frr/ospfd" subj=system_u:system_r:frr_t:s0 key=(null)
      type=AVC msg=audit(1724682497.921:215): avc: denied { create } for pid=10575 comm="ospfd" name="ospfd.json.sav" scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file permissive=0

      time->Mon Aug 26 10:40:01 2024
      type=PROCTITLE msg=audit(1724683201.987:212): proctitle=2F7573722F6C6962657865632F6672722F6D676D7464002D64002D4600747261646974696F6E616C
      type=SYSCALL msg=audit(1724683201.987:212): arch=c000003e syscall=257 success=no exit=13 a0=ffffff9c a1=557626396906 a2=241 a3=1b6 items=0 ppid=1 pid=10485 auid=4294967295 uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="mgmtd" exe="/usr/libexec/frr/mgmtd" subj=system_u:system_r:frr_t:s0 key=(null)
      type=AVC msg=audit(1724683201.987:212): avc: denied { create } for pid=10485 comm="mgmtd" name="commit-20240826104001987860648.json" scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file permissive=0

      time->Mon Aug 26 10:40:01 2024
      type=PROCTITLE msg=audit(1724683201.987:213): proctitle=2F7573722F6C6962657865632F6672722F6D676D7464002D64002D4600747261646974696F6E616C
      type=SYSCALL msg=audit(1724683201.987:213): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7fff26c97530 a2=241 a3=1b6 items=0 ppid=1 pid=10485 auid=4294967295 uid=995 gid=994 euid=995 suid=995 fsuid=995 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="mgmtd" exe="/usr/libexec/frr/mgmtd" subj=system_u:system_r:frr_t:s0 key=(null)
      type=AVC msg=audit(1724683201.987:213): avc: denied { create } for pid=10485 comm="mgmtd" name="commit-index.dat" scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file permissive=0
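
      Added example (not part of the original report or of frr): a Python triage helper that collapses denials like the ones quoted above into distinct (source type, target type, class, permission) tuples and lists which daemons hit each. The function names are hypothetical and the sample is an abridged copy of records from this report.

```python
import re
from collections import defaultdict

# Sample input: four denials copied from the report above, plus one
# ausearch-style record flattened onto a single line (SYSCALL part abridged).
SAMPLE = '''\
type=AVC msg=audit(08/26/2024 07:55:57.424:469) : avc: denied { setattr } for pid=24003 comm=zebra name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(08/26/2024 07:55:57.425:470) : avc: denied { add_name } for pid=24003 comm=zebra name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(08/26/2024 07:55:57.622:479) : avc: denied { setattr } for pid=24023 comm=ospfd name=frr dev="dm-0" ino=100872367 scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir permissive=0
type=AVC msg=audit(08/26/2024 07:55:57.622:480) : avc: denied { add_name } for pid=24023 comm=ospfd name=frr scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1724682497.921:215): arch=c000003e syscall=257 success=no exit=-13 comm="ospfd" exe="/usr/libexec/frr/ospfd" subj=system_u:system_r:frr_t:s0 key=(null) type=AVC msg=audit(1724682497.921:215): avc: denied { create } for pid=10575 comm="ospfd" name="ospfd.json.sav" scontext=system_u:system_r:frr_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file permissive=0
'''

# Match the body of each denial, stopping at the next audit record when
# several records were flattened onto one line (as in the ausearch output).
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?)(?=\s+type=[A-Z_]+\s+msg=audit\(|$)",
    re.M,
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avcs(text):
    """Yield one dict of fields per denied AVC found in audit text."""
    for m in AVC_RE.finditer(text):
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
        fields["perms"] = m.group(1).split()
        yield fields

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize(text):
    """Map (source type, target type, class, permission) to sorted daemon names."""
    rules = defaultdict(set)
    for avc in parse_avcs(text):
        src, tgt = selinux_type(avc["scontext"]), selinux_type(avc["tcontext"])
        for perm in avc["perms"]:
            rules[(src, tgt, avc["tclass"], perm)].add(avc["comm"])
    return {key: sorted(daemons) for key, daemons in rules.items()}

if __name__ == "__main__":
    for (src, tgt, cls, perm), daemons in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {perm} }}  seen from: {', '.join(daemons)}")
```

      Feeding it the full list of denials from this report shows the same three tuples, with only the list of daemons growing.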

              mruprich@redhat.com Michal Ruprich
              rhn-support-fhrdina Frantisek Hrdina