- Bug
- Resolution: Not a Bug
- rhel-9.7
- Important
- rhel-security-selinux
- ssg_security
What were you trying to do that didn't work?
`su` authentication is not working with Passkey test cases with SSSD
What is the impact of this issue to you?
Please provide the package NVR for which the bug is seen:
[root@client ~]# rpm -qa | grep selinux
libselinux-3.6-3.el9.x86_64
libselinux-utils-3.6-3.el9.x86_64
selinux-policy-38.1.56-1.el9.noarch
selinux-policy-targeted-38.1.56-1.el9.noarch
python3-libselinux-3.6-3.el9.x86_64
rpm-plugin-selinux-4.16.1.3-37.el9.x86_64
ipa-selinux-4.12.2-15.el9.noarch
[root@client ~]# rpm -qa | grep umockdev
umockdev-0.15.5-3.el9.x86_64
How reproducible is this bug?:
Always
Steps to reproduce
- In the tests, we are using umockdev to mock the Passkey hardware.
- Here, we are checking `su` with some already recorded files.
- [root@client ~]# LD_PRELOAD=/opt/random.so umockdev-run --device '/tmp/mh.fs.rollback.nHsH2Tr6C' --ioctl '/dev/hidraw1=/tmp/mh.fs.rollback.eE7k7zbsT' --script '/dev/hidraw1=/tmp/mh.fs.rollback.TJCTo5wHc' -- bash -c 'env | grep ^UMOCKDEV_ > /etc/sysconfig/sssd; printf "LD_PRELOAD=$LD_PRELOAD" >> /etc/sysconfig/sssd; systemctl restart sssd; chmod -R a+rwx $UMOCKDEV_DIR; su - ci -c "su - user1 -c whoami"'
su: avc.c:73: avc_context_to_sid_raw: Assertion `avc_running' failed.
umockdev-run: unable to propagate signal 6 to child 40463: No such process
- [root@client ~]# coredumpctl
TIME PID UID GID SIG COREFILE EXE SIZE
Fri 2025-05-09 04:44:50 EDT 40024 0 0 SIGABRT present /usr/bin/su 264.4K
Fri 2025-05-09 05:15:37 EDT 40280 0 0 SIGABRT present /usr/bin/su 264.6K
Fri 2025-05-09 05:15:59 EDT 40295 0 0 SIGABRT present /usr/bin/su 264.7K
Fri 2025-05-09 05:36:07 EDT 40443 0 0 SIGABRT present /usr/bin/su 263.8K
Fri 2025-05-09 05:39:00 EDT 40463 0 0 SIGABRT present /usr/bin/su 265.0K
- [root@client ~]# coredumpctl info
PID: 40463 (su)
UID: 0 (root)
GID: 0 (root)
Signal: 6 (ABRT)
Timestamp: Fri 2025-05-09 05:39:00 EDT (3h 37min ago)
Command Line: su - ci -c $'su - user1 -c whoami'
Executable: /usr/bin/su
Control Group: /user.slice/user-0.slice/session-14.scope
Unit: session-14.scope
Slice: user-0.slice
Session: 14
Owner UID: 0 (root)
Boot ID: 05536cafcc724979a0f81b795eb18a3c
Machine ID: 983d5d90b37d43aa8ca86a30b1225ad4
Hostname: client.test
Storage: /var/lib/systemd/coredump/core.su.0.05536cafcc724979a0f81b795eb18a3c.40463.1746783540000000.zst (present)
Size on Disk: 265.0K
Message: Process 40463 (su) of user 0 dumped core.
Stack trace of thread 40463:
#0 0x00007fa40f88bf5c __pthread_kill_implementation (libc.so.6 + 0x8bf5c)
#1 0x00007fa40f83eb46 raise (libc.so.6 + 0x3eb46)
#2 0x00007fa40f828833 abort (libc.so.6 + 0x28833)
#3 0x00007fa40f82875b __assert_fail_base.cold (libc.so.6 + 0x2875b)
#4 0x00007fa40f837886 __assert_fail (libc.so.6 + 0x37886)
#5 0x00007fa40fa1da5d avc_context_to_sid_raw (libselinux.so.1 + 0x8a5d)
#6 0x00007fa40fa27827 selinux_check_access (libselinux.so.1 + 0x12827)
#7 0x00007fa40fa48532 check_for_root (pam_rootok.so + 0x1532)
#8 0x00007fa40fb194d1 _pam_dispatch (libpam.so.0 + 0x94d1)
#9 0x00007fa40fb19bbd pam_authenticate (libpam.so.0 + 0x9bbd)
#10 0x0000557b50419071 su_main.constprop.0 (su + 0x9071)
#11 0x0000557b50413f0f main (su + 0x3f0f)
#12 0x00007fa40f8295d0 __libc_start_call_main (libc.so.6 + 0x295d0)
#13 0x00007fa40f829680 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x29680)
#14 0x0000557b50413f35 _start (su + 0x3f35)
ELF object binary architecture: AMD x86-64
Expected results
`su` should work without any error.
Actual results
`su` authentication is failing with an avc error, and coredumps are created.
- relates to
  - RHEL-14014 ipa-client-install displays 'Cannot get SELinux boolean 'sssd_use_usb': CalledProcessError(Command ['/usr/sbin/getsebool', 'sssd_use_usb']'
  - Closed