Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-85856

[RHEL-9.5] SELinux denials appear when sd-parse-elf is executed by systemd-coredump [rhel-9.2.0.z]

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • selinux-policy-38.1.11-2.el9_2.8
    • No
    • Moderate
    • ZStream
    • rhel-se-security
    • ssg_security
    • 5
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      This is a clone of issue RHEL-45245 to use for version rhel-9.2.0.z

      Original description:

      What were you trying to do that didn't work?

      run beaker job on rhel-9.5, and some avc denies showing up on the job result page.
      Job: https://beaker.engineering.redhat.com/recipes/16420849#task179637881 

      Please provide the package NVR for which bug is seen:

      selinux-policy-38.1.40-1.el9.noarch

      How reproducible:

      always

      Steps to reproduce

      1.  install the host with rhel-9.5
      2.  
      3.  

      Expected results

      No avc check failures

      Actual results

      SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33
selinux-policy-38.1.40-1.el9.noarch
----
time->Tue Jun 25 19:49:26 2024
type=PROCTITLE msg=audit(1719359366.119:205): proctitle="(sd-parse-elf)"
type=SYSCALL msg=audit(1719359366.119:205): arch=c000003e syscall=157 success=no exit=-1 a0=23 a1=8 a2=7ff9f3689000 a3=0 items=0 ppid=4168 pid=4188 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(sd-parse-elf)" exe="/usr/lib/systemd/systemd-coredump" subj=system_u:system_r:systemd_coredump_t:s0 key=(null)
type=AVC msg=audit(1719359366.119:205): avc:  denied  { sys_resource } for  pid=4188 comm="(sd-parse-elf)" capability=24  scontext=system_u:system_r:systemd_coredump_t:s0 tcontext=system_u:system_r:systemd_coredump_t:s0 tclass=capability permissive=0
----
time->Tue Jun 25 19:49:26 2024
type=PROCTITLE msg=audit(1719359366.124:206): proctitle="(sd-parse-elf)"
type=SYSCALL msg=audit(1719359366.124:206): arch=c000003e syscall=308 success=no exit=-1 a0=7 a1=20000 a2=fffffff7 a3=7ffd8cf96730 items=0 ppid=4168 pid=4188 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(sd-parse-elf)" exe="/usr/lib/systemd/systemd-coredump" subj=system_u:system_r:systemd_coredump_t:s0 key=(null)
type=AVC msg=audit(1719359366.124:206): avc:  denied  { sys_admin } for  pid=4188 comm="(sd-parse-elf)" capability=21  scontext=system_u:system_r:systemd_coredump_t:s0 tcontext=system_u:system_r:systemd_coredump_t:s0 tclass=capability permissive=0

              rhn-support-mbarbaro Maurizio Barbaro
              watson-automation Watson Automation
              Zdenek Pytela Zdenek Pytela
              Stepan Broz Stepan Broz
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated:
                Resolved: