Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-61634

lldpd triggers SELinux denials when systemd-machine is running

XMLWordPrintable

    • selinux-policy-40.13.12-1.el10
    • No
    • Moderate
    • 1
    • rhel-sst-security-selinux
    • ssg_security
    • 11
    • 1
    • QE ack
    • False
    • Hide

      None

      Show
      None
    • No
    • SELINUX 241016 - 241106
    • Unspecified Release Note Type - Unknown
    • x86_64
    • None

      What were you trying to do that didn't work?

      Found during the review of Tier2 test results.

      What is the impact of this issue to you?

      SELinux denials are the only problem visible to me

      Please provide the package NVR for which the bug is seen:

      lldpd-1.0.18-2.el10.x86_64
      selinux-policy-40.13.9-1.el10.noarch
      selinux-policy-targeted-40.13.9-1.el10.noarch
      systemd-container-256-14.el10.x86_64

      How reproducible is this bug?:

      always

      Steps to reproduce

      1. get a CentOS-stream-10 machine (targeted policy is active)
      2. start the systemd-machined service
      3. start the lldpd service
      4. search for SELinux denials

      Expected results

      • no SELinux denials

      Actual results

      ----
type=PROCTITLE msg=audit(10/07/2024 07:49:24.188:343) : proctitle=/usr/sbin/lldpd 
type=PATH msg=audit(10/07/2024 07:49:24.188:343) : item=0 name=/run/systemd/userdb/io.systemd.Machine inode=1657 dev=00:1a mode=socket,666 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:systemd_userdbd_runtime_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=CWD msg=audit(10/07/2024 07:49:24.188:343) : cwd=/ 
type=SOCKADDR msg=audit(10/07/2024 07:49:24.188:343) : saddr={ saddr_fam=local path=/run/systemd/userdb/io.systemd.Machine } 
type=SYSCALL msg=audit(10/07/2024 07:49:24.188:343) : arch=x86_64 syscall=connect success=no exit=EACCES(Permission denied) a0=0x8 a1=0x7ffc6b195350 a2=0x29 a3=0x555d4c223010 items=1 ppid=1 pid=4850 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=lldpd exe=/usr/sbin/lldpd subj=system_u:system_r:lldpad_t:s0 key=(null) 
type=AVC msg=audit(10/07/2024 07:49:24.188:343) : avc:  denied  { connectto } for  pid=4850 comm=lldpd path=/run/systemd/userdb/io.systemd.Machine scontext=system_u:system_r:lldpad_t:s0 tcontext=system_u:system_r:systemd_machined_t:s0 tclass=unix_stream_socket permissive=0 
----

              rhn-support-zpytela Zdenek Pytela
              mmalik@redhat.com Milos Malik
              Zdenek Pytela Zdenek Pytela
              Milos Malik Milos Malik
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated: