• Bug
    • Resolution: Unresolved
    • Major
    • rhel-9.2.0.z, rhel-9.4.z
    • selinux-policy
    • Low
    • rhel-sst-security-selinux
    • ssg_security

      Description of problem:

          When a process generates a coredump, systemd-coredump is denied access to the process data by SELinux.

      Version-Release number of selected component (if applicable):

          sh-5.1# rpm -qa|grep selinux-policy
      selinux-policy-38.1.11-2.el9_2.7.noarch
      selinux-policy-targeted-38.1.11-2.el9_2.7.noarch
      
      
      sh-5.1# rpm -qa|grep systemd-2
      systemd-252-14.el9_2.8.x86_64

      How reproducible:

          always

      Steps to Reproduce:

          1. oc exec
          2. sleep 99999 &    
          3. kill the process
      
          

      Actual results:

          No stack in journal

      Expected results:

          Stack and data from systemd-coredump

      Additional info:

          This has been addressed here: https://github.com/openshift/os/issues/1652
      But the SELinux policy does not include the rule in RHEL 9.2. The systemd-container-coredump module is still needed; it is installed, but not correctly loaded because there is a missing dependency on policycoreutils-python-utils.
      
      SELinux issue (fixed in newer version): https://issues.redhat.com/browse/RHEL-70380

              rhn-support-sbroz Stepan Broz
              rhn-support-bwelterl Benoit Welterlen
              se-security
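
To confirm the denial on an affected node and check the two conditions named under "Additional info", the following shell helpers can be used. They are an added example, not part of the original report: the function names and the sample audit records are constructed, and the module name `systemd-container-coredump` is assumed from the report's wording.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.

# Constructed audit records (not taken from the report) for an offline run.
sample_audit() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:412): avc:  denied  { read } for  pid=2101 comm="systemd-coredum" name="maps" dev="proc" ino=41234 scontext=system_u:system_r:systemd_coredump_t:s0 tcontext=system_u:system_r:container_t:s0:c12,c34 tclass=file permissive=0
type=AVC msg=audit(1700000000.105:413): avc:  denied  { read open } for  pid=2101 comm="systemd-coredum" name="maps" dev="proc" ino=41234 scontext=system_u:system_r:systemd_coredump_t:s0 tcontext=system_u:system_r:container_t:s0:c12,c34 tclass=file permissive=0
type=AVC msg=audit(1700000042.310:431): avc:  denied  { read } for  pid=2188 comm="systemd-coredum" name="maps" dev="proc" ino=41977 scontext=system_u:system_r:systemd_coredump_t:s0 tcontext=system_u:system_r:container_t:s0:c5,c9 tclass=file permissive=0
type=AVC msg=audit(1700000050.007:440): avc:  denied  { getattr } for  pid=3300 comm="sshd" path="/etc/example" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
EOF
}

# Reads raw audit records on stdin and prints one line per distinct denial
# against the coredump handler: "<count> <perms> <tclass> <source> -> <target>".
# The kernel truncates comm to 15 characters, so the handler is logged as
# "systemd-coredum"; match that prefix, not the full binary name.
coredump_denials() {
    awk '
    function val(key,   s) {           # value of key=... on the current line
        if (!match($0, key "=[^ ]+")) return "?"
        s = substr($0, RSTART, RLENGTH); sub(/^[^=]*=/, "", s); return s
    }
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    /type=AVC/ && /denied/ && /comm="systemd-coredum/ {
        perms = $0
        sub(/^[^{]*[{] */, "", perms); sub(/ *[}].*$/, "", perms); gsub(/ +/, ",", perms)
        seen[perms " " val("tclass") " " setype(val("scontext")) " -> " setype(val("tcontext"))]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

# Reads `semodule -l` output on stdin; succeeds only on an exact module name.
module_listed() {
    awk -v want="$1" '$1 == want { found = 1 } END { exit !found }'
}

# Live check on the affected node, run as root. The module name is taken
# from the report's wording and is an assumption.
check_node() {
    rpm -q policycoreutils-python-utils
    semodule -l | module_listed systemd-container-coredump \
        || echo "SELinux module systemd-container-coredump is not loaded"
    ausearch -m AVC -ts boot --raw 2>/dev/null | coredump_denials
}
```

On a node, `check_node` reports the package state, whether the module is loaded, and any denials logged since boot; offline, `sample_audit | coredump_denials` exercises the parser on the constructed records.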