- Bug
- Resolution: Unresolved
- Normal
- rhel-9.6
- selinux-policy-38.1.56-1.el9
- No
- Moderate
- 1
- rhel-security-selinux
- ssg_security
- 11
- 2
- QE ack
- False
- False
- No
- SELINUX 250514: 6
- Pass
- Automated
- Release Note Not Required
- All
- None
What were you trying to do that didn't work?
Find out why so many varnish tests fail with the latest varnish build.
What is the impact of this issue to you?
The varnish service runs OK, but 1 SELinux denial is triggered during each start of the service.
Please provide the package NVR for which the bug is seen:
selinux-policy-38.1.52-1.el9.noarch
selinux-policy-targeted-38.1.52-1.el9.noarch
varnish-7.6.1-2.el9_5.x86_64
How reproducible is this bug?
always, on all architectures
Steps to reproduce:
- get a RHEL-9.6 machine
- start the varnish service
- search for SELinux denials
Expected results:
- no SELinux denials
Actual results (enforcing mode):
----
type=PROCTITLE msg=audit(02/05/2025 07:28:40.678:329) : proctitle=/usr/sbin/varnishd -a :6081 -a localhost:8443,PROXY -f /etc/varnish/default.vcl -P /run/varnish/varnishd.pid -p feature=+http2 -
type=SYSCALL msg=audit(02/05/2025 07:28:40.678:329) : arch=x86_64 syscall=prlimit64 success=no exit=EPERM(Operation not permitted) a0=0x0 a1=0x8 a2=0x7ffc404951f0 a3=0x0 items=0 ppid=9934 pid=9935 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=varnishd exe=/usr/sbin/varnishd subj=system_u:system_r:varnishd_t:s0 key=(null)
type=AVC msg=audit(02/05/2025 07:28:40.678:329) : avc: denied { sys_resource } for pid=9935 comm=varnishd capability=sys_resource scontext=system_u:system_r:varnishd_t:s0 tcontext=system_u:system_r:varnishd_t:s0 tclass=capability permissive=0
----
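The "search for SELinux denials" step returns multi-record events like the one above. As an added example (not part of the original report or of any Red Hat tooling), this Python code groups interpreted-format audit records by event serial and ties each AVC denial to the syscall that triggered it. The function and field names are assumptions, and the sample input is constructed from event 329 above with the proctitle and some fields shortened.

```python
import re
from collections import defaultdict

# Constructed sample: event 329 from the report, proctitle and some fields shortened.
SAMPLE = """\
type=PROCTITLE msg=audit(02/05/2025 07:28:40.678:329) : proctitle=/usr/sbin/varnishd -a :6081
type=SYSCALL msg=audit(02/05/2025 07:28:40.678:329) : arch=x86_64 syscall=prlimit64 success=no exit=EPERM(Operation not permitted) a0=0x0 a1=0x8 ppid=9934 pid=9935 comm=varnishd exe=/usr/sbin/varnishd subj=system_u:system_r:varnishd_t:s0 key=(null)
type=AVC msg=audit(02/05/2025 07:28:40.678:329) : avc: denied { sys_resource } for pid=9935 comm=varnishd capability=sys_resource scontext=system_u:system_r:varnishd_t:s0 tcontext=system_u:system_r:varnishd_t:s0 tclass=capability permissive=0
"""

RECORD = re.compile(r"^type=(\w+) msg=audit\((.*?):(\d+)\)\s*:\s*(.*)$")
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r"(\w+)=(\S+)")


def summarize_denials(text):
    """Correlate AVC denials with the SYSCALL record of the same audit event."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            rtype, _stamp, serial, body = m.groups()
            events[serial][rtype].append(body)
    summaries = []
    for serial, recs in events.items():
        # One event can carry several AVC records but has a single SYSCALL record.
        sc = dict(FIELD.findall(recs["SYSCALL"][0])) if recs["SYSCALL"] else {}
        for body in recs["AVC"]:
            denied = DENIED.search(body)
            if not denied:
                continue  # skip "granted" records
            f = dict(FIELD.findall(body))
            summaries.append({
                "event": serial,
                "perms": denied.group(1).split(),
                "source_type": f["scontext"].split(":")[2],
                "target_type": f["tcontext"].split(":")[2],
                "tclass": f["tclass"],
                "enforced": f.get("permissive") == "0",
                "syscall": sc.get("syscall"),
                "errno": sc.get("exit", "").split("(")[0],
                "exe": sc.get("exe"),
            })
    return summaries


if __name__ == "__main__":
    for s in summarize_denials(SAMPLE):
        print(s)
```

For the event in this report, the summary shows `varnishd_t` denied `sys_resource` on its own `capability` class while `prlimit64` returned `EPERM`, which matches the report that the service still starts.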
- clones
- RHEL-77779 [rhel-10] the varnish service triggers SELinux denials
- Release Pending
- links to
- RHBA-2025:148008 selinux-policy bug fix and enhancement update