[RHEL-76284] AVC denials reported in STIG mode with downstream bash ipa-dns test suite - Red Hat Issue Tracker

Type: Bug
Resolution: Duplicate
Priority: Undefined
Fix Version/s: None
Affects Version/s: rhel-9.6
Component/s: ipa
Labels:
None

Regression:
No
Severity:
None

Pool Team:

rhel-sst-idm-ipa
Sub-System Group:

ssg_idm

Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

AVC denials are reported with STIG mode using bash ipa-dns test suite
selinux-policy-38.1.51-1.el9.noarch
https://gitlab.cee.redhat.com/identity-management/ipa-tests/-/tree/RHEL9.6/beaker/ipa-server/acceptance/ipa-dns?ref_type=heads

node=master.testrealm.test type=CWD msg=audit(1737829226.744:73446): cwd="/"
node=master.testrealm.test type=SYSCALL msg=audit(1737829226.744:73446): arch=c000003e syscall=262 success=no exit=-13 a0=ffffff9c a1=7fed13821040 a2=7ffc5359e440 a3=0 items=1 ppid=23654 pid=23655 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="pk12util" exe="/usr/bin/pk12util" subj=system_u:system_r:ipa_custodia_t:s0 key=(null)
node=master.testrealm.test type=AVC msg=audit(1737829226.744:73446): avc: denied

{ getattr }

for pid=23655 comm="pk12util" path="/run/pcscd/pcscd.comm" dev="tmpfs" ino=971 scontext=system_u:system_r:ipa_custodia_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0 tclass=sock_file permissive=0

Assignee:: Florence Renaud

Reporter:: Anuja More

Developer:: Florence Renaud

QA Contact:: Sudhir Menon

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2025/01/27 5:14 AM

Updated:: 2025/01/31 12:56 PM

Resolved:: 2025/01/31 12:31 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

Hide