Bug
Resolution: Not a Bug
rhel-10.1
rhel-security-selinux
ssg_security
What were you trying to do that didn't work?
sss_obfuscate tests are throwing an AVC when the sss responder is used
What is the impact of this issue to you?
All processes should be able to use the nss responder via socket.
Please provide the package NVR for which the bug is seen:
selinux-policy-40.13.31-2.el10.noarch
How reproducible is this bug?:
100%
Steps to reproduce
Expected results
No AVC seen.
Actual results
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
selinux-policy-40.13.31-2.el10.noarch
----
time->Tue Jun 3 07:12:23 2025
type=PROCTITLE msg=audit(1748934743.633:1298): proctitle=73797374656D642D75736572776F726B3A2070726F63657373696E672E2E2E
type=SYSCALL msg=audit(1748934743.633:1298): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=7ffc19c55150 a2=6e a3=100 items=0 ppid=669 pid=20393 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-userwor" exe="/usr/lib/systemd/systemd-userwork" subj=system_u:system_r:systemd_userdbd_t:s0 key=(null)
type=AVC msg=audit(1748934743.633:1298): avc: denied { connectto } for pid=20393 comm="systemd-userwor" path="/var/lib/sss/pipes/nss" scontext=system_u:system_r:systemd_userdbd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0
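The following is an added triage example, not part of the original report or of any Red Hat tooling: it parses the three audit records above, decodes the hex proctitle, and reduces the event to the source and target SELinux types. The function names and the one-entry syscall table are assumptions made for this example.

```python
import errno
import re

# The audit event quoted in the report, split into one record per line.
EVENT = """\
type=PROCTITLE msg=audit(1748934743.633:1298): proctitle=73797374656D642D75736572776F726B3A2070726F63657373696E672E2E2E
type=SYSCALL msg=audit(1748934743.633:1298): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=7ffc19c55150 a2=6e a3=100 items=0 ppid=669 pid=20393 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-userwor" exe="/usr/lib/systemd/systemd-userwork" subj=system_u:system_r:systemd_userdbd_t:s0 key=(null)
type=AVC msg=audit(1748934743.633:1298): avc: denied { connectto } for pid=20393 comm="systemd-userwor" path="/var/lib/sss/pipes/nss" scontext=system_u:system_r:systemd_userdbd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0
"""

HEADER = re.compile(r'type=(\w+) msg=audit\(([\d.]+):(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption: only the x86_64 (arch=c000003e) syscall seen in this event is mapped.
SYSCALLS = {("c000003e", "42"): "connect"}

def parse_event(text):
    """Return {record_type: {field: raw_value}} for the records of one event."""
    records = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records[m.group(1)] = dict(FIELD.findall(line[m.end():]))
    return records

def decode_proctitle(raw):
    """auditd hex-encodes proctitle when it holds spaces or non-printable bytes."""
    if raw.startswith('"'):
        return raw.strip('"')
    return bytes.fromhex(raw).replace(b"\0", b" ").decode(errors="replace")

def summarize(text):
    """Reduce an AVC event to the fields needed to triage the denial."""
    rec = parse_event(text)
    avc, sc = rec["AVC"], rec["SYSCALL"]
    avc_line = next(l for l in text.splitlines() if l.startswith("type=AVC"))
    return {
        "process": decode_proctitle(rec["PROCTITLE"]["proctitle"]),
        "syscall": SYSCALLS.get((sc["arch"], sc["syscall"]), sc["syscall"]),
        "error": errno.errorcode[-int(sc["exit"])],
        "perms": re.search(r"\{ ([^}]*) \}", avc_line).group(1).split(),
        "source_type": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"],
        "path": avc["path"].strip('"'),
        "enforced": avc["permissive"] == "0",
    }

if __name__ == "__main__":
    print(summarize(EVENT))
```

For a connectto denial the tcontext is the label of the listening socket, which it normally inherits from the process that created it, so the target type is the field to check first when triaging this event.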