Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-62706

denied { getattr } for comm="httpd" path="/usr/lib/systemd/system/dirsrv@.service"

    • None
    • None
    • 1
    • rhel-sst-security-selinux
    • ssg_security
    • 15
    • 1
    • False
    • Hide

      None

      Show
      None
    • No
    • SELINUX 241106 - 241127
    • None
    • None
    • Unspecified Release Note Type - Unknown
    • x86_64
    • None

      What were you trying to do that didn't work?

      Please provide the package NVR for which bug is seen:

      selinux-policy-40.13.9-1.el10.noarch

      ipa-server-4.12.2-1.1.el10.x86_64

      How reproducible: Always

      Steps to reproduce

      1. Performing ds-migration-functional tests

      Expected results

      Fix the AVC denials.

      Actual results

      selinux-policy-40.13.9-1.el10.noarch ---- time->Thu Oct 3 17:49:42 2024 type=PROCTITLE msg=audit(1727992182.622:3489): proctitle=28777367693A697061292020202020002D44464F524547524F554E44 type=PATH msg=audit(1727992182.622:3489): item=0 name="/usr/lib/systemd/system/dirsrv@.service" inode=1451794 dev=fc:03 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:dirsrv_unit_file_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 type=CWD msg=audit(1727992182.622:3489): cwd="/" type=SYSCALL msg=audit(1727992182.622:3489): arch=c000003e syscall=262 success=no exit=-13 a0=ffffff9c a1=7f3a270cda40 a2=7f3a25bfe420 a3=0 items=1 ppid=21518 pid=21525 auid=4294967295 uid=989 gid=988 euid=989 suid=989 fsuid=989 egid=988 sgid=988 fsgid=988 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1727992182.622:3489): avc: denied { getattr } for pid=21525 comm="httpd" path="/usr/lib/systemd/system/dirsrv@.service" dev="vda3" ino=1451794 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:dirsrv_unit_file_t:s0 tclass=file permissive=0

              rhn-support-zpytela Zdenek Pytela
              sumenon@redhat.com Sudhir Menon
              Zdenek Pytela Zdenek Pytela
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: