Minor Please provide the package NVR for which the bug is seen:
libstoragemgmt-1.10.1-1.el9.x86_64
passt-0^20250217.ga1e48a0-1.el9.x86_64
passt-selinux-0^20250217.ga1e48a0-1.el9.noarch
selinux-policy-38.1.53-1.el9.noarch
selinux-policy-targeted-38.1.53-1.el9.noarch
How reproducible is this bug?
always
Steps to Reproduce:
- get a RHEL-9.6 machine (targeted policy is active)
- install the libstoragemgmt and passt packages
- start the libstoragemgmt service
- search for SELinux denials
Actual results (enforcing mode):
---- type=PROCTITLE msg=audit(02/20/2025 08:39:49.819:335) : proctitle=/usr/bin/lsmd -d type=PATH msg=audit(02/20/2025 08:39:49.819:335) : item=0 name=/usr/bin/passt-repair inode=12586155 dev=fd:01 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:passt_repair_exec_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 type=CWD msg=audit(02/20/2025 08:39:49.819:335) : cwd=/ type=SYSCALL msg=audit(02/20/2025 08:39:49.819:335) : arch=x86_64 syscall=newfstatat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x56224d4a9850 a2=0x7ffe7b196380 a3=0x100 items=1 ppid=1 pid=5952 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=lsmd exe=/usr/bin/lsmd subj=system_u:system_r:lsmd_t:s0 key=(null) type=AVC msg=audit(02/20/2025 08:39:49.819:335) : avc: denied { getattr } for pid=5952 comm=lsmd path=/usr/bin/passt-repair dev="vda1" ino=12586155 scontext=system_u:system_r:lsmd_t:s0 tcontext=system_u:object_r:passt_repair_exec_t:s0 tclass=file permissive=0 ----
Expected results:
- no SELinux denials
- is cloned by
-
RHEL-84261 [rhel-9] SELinux prevents lsmd from doing getattr on /usr/bin/passt-repair [rhel-9.6.z]
-
- Closed
-