Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: rhel-9.6
Component/s: container-selinux
Labels:
- cki-datawarehouse
- cki-priority:low

Regression:
No
Severity:
None

Pool Team:

rhel-sst-container-tools

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

avc denial during podman-tests

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
selinux-policy-38.1.47-1.el9.noarch
----
time->Thu Nov 14 18:14:21 2024
type=PROCTITLE msg=audit(1731608061.238:1989): proctitle="/usr/lib/systemd/systemd-resolved"
type=SYSCALL msg=audit(1731608061.238:1989): arch=c00000b7 syscall=27 success=no exit=-13 a0=f a1=aaaafff13da0 a2=2000d84 a3=ffffb0fa6730 items=0 ppid=55959 pid=56054 auid=0 uid=165728 gid=165728 euid=165728 suid=165728 fsuid=165728 egid=165728 sgid=165728 fsgid=165728 tty=(none) ses=2 comm="systemd-resolve" exe="/usr/lib/systemd/systemd-resolved" subj=system_u:system_r:container_init_t:s0:c921,c987 key=(null)
type=AVC msg=audit(1731608061.238:1989): avc:  denied  { watch } for  pid=56054 comm="systemd-resolve" path="/run/dbus/system_bus_socket" dev="tmpfs" ino=104 scontext=system_u:system_r:container_init_t:s0:c921,c987 tcontext=system_u:object_r:container_file_t:s0:c921,c987 tclass=sock_file permissive=0

What is the impact of this issue to you?

Please provide the package NVR for which the bug is seen:

How reproducible is this bug?: not sure

Steps to reproduce

run https://gitlab.com/redhat/centos-stream/tests/kernel/kernel-tests/-/tree/production/container/podman

test logs: https://datawarehouse.cki-project.org/kcidb/tests/15338818

cki tracker https://datawarehouse.cki-project.org/issue/3251

is related to

RHEL-65361 avc: denied { watch } for pid=12142 comm="systemd-resolve" path="/run/dbus/system_bus_socket" dev="tmpfs"

Planning

Assignee:: Lokesh Mandvekar

Reporter:: Bruno Goncalves

Developer:: Container Runtime Eng Bot

QA Contact:: Container Runtime Bugs Bot

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/11/15 1:55 PM

Updated:: 2024/11/18 10:29 AM

Details

Description

What were you trying to do that didn't work?

What is the impact of this issue to you?

Please provide the package NVR for which the bug is seen:

How reproducible is this bug?: not sure

Steps to reproduce

test logs: https://datawarehouse.cki-project.org/kcidb/tests/15338818

cki tracker https://datawarehouse.cki-project.org/issue/3251

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates