Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-99319

AVC denials for "allow insights_core_t insights_client_var_log_t:file append;"

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • insights-core-selinux-3.7.0-2.el9
    • Yes
    • Critical
    • 2
    • subs-client-tools
    • 1
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • SELINUX 250806: 10, SELINUX 250716: 9
    • Pass
    • Automated
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      This bug happens with:

      insights-client-3.9.0-1%2Bpkoprda.cct1412.noarch.rpm

      selinux-policy-38.1.58-1.selinux4392.4.noarch.rpm

      selinux-policy-devel-38.1.58-1.selinux4392.4.noarch.rpm

      selinux-policy-targeted-38.1.58-1.selinux4392.4.noarch.rpm

       

      The AVC details:

      type=PROCTITLE msg=audit(06/23/2025 03:14:19.794:163) : proctitle=/usr/bin/python3 /usr/lib/python3.9/site-packages/insights_client/run.py

      type=PATH msg=audit(06/23/2025 03:14:19.794:163) : item=1 name=/var/log/insights-client/insights-client.log inode=134764332 dev=fd:00 mode=file,600 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:insights_client_var_log_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0

      type=PATH msg=audit(06/23/2025 03:14:19.794:163) : item=0 name=/var/log/insights-client/ inode=134744572 dev=fd:00 mode=dir,700 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:insights_client_var_log_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0

      type=CWD msg=audit(06/23/2025 03:14:19.794:163) : cwd=/

      type=SYSCALL msg=audit(06/23/2025 03:14:19.794:163) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f92086e6f00 a2=O_WRONLY|O_CREAT|O_APPEND|O_CLOEXEC a3=0x1b6 items=2 ppid=1681 pid=1785 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=python3 exe=/usr/bin/python3.9 subj=system_u:system_r:insights_core_t:s0 key=(null)

      type=AVC msg=audit(06/23/2025 03:14:19.794:163) : avc:  denied 

      { append }

      for  pid=1785 comm=python3 name=insights-client.log dev="dm-0" ino=134764332 scontext=system_u:system_r:insights_core_t:s0 tcontext=system_u:object_r:insights_client_var_log_t:s0 tclass=file permissive=0

              rhn-support-xialiu Xiangce Liu
              qianzhan@redhat.com Qianqian Zhang
              Xiangce Liu Xiangce Liu
              Qianqian Zhang Qianqian Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              16 Start watching this issue

                Created:
                Updated:
                Resolved: