:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Setup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 09:26:15 ] :: [ BEGIN ] :: Running 'rlImport 'selinux-policy/common'' :: [ 09:26:15 ] :: [ INFO ] :: rlImport: Found 'selinux-policy/common', version '43' during upwards traversal :: [ 09:26:15 ] :: [ INFO ] :: rlImport: Will try to import selinux-policy/common from /root/selinux-policy/Library/common/lib.sh :: [ 09:26:15 ] :: [ INFO ] :: found dependencies: 'distribution/epel ' :: [ 09:26:15 ] :: [ INFO ] :: rlImport: Found 'distribution/epel', version '2' during upwards traversal :: [ 09:26:15 ] :: [ INFO ] :: rlImport: Will try to import distribution/epel from /root/distribution/Library/epel/lib.sh :: [ 09:26:16 ] :: [ INFO ] :: found dependencies: ' distribution/LibrariesWrapper distribution/epel-internal' :: [ 09:26:16 ] :: [ INFO ] :: rlImport: Found 'distribution/LibrariesWrapper', version '9' during upwards traversal :: [ 09:26:16 ] :: [ INFO ] :: rlImport: Will try to import distribution/LibrariesWrapper from /root/distribution/Library/LibrariesWrapper/lib.sh :: [ 09:26:16 ] :: [ INFO ] :: found dependencies: '' :: [ 09:26:16 ] :: [ INFO ] :: rlImport: Found 'distribution/epel-internal', version '3' during upwards traversal :: [ 09:26:16 ] :: [ INFO ] :: rlImport: Will try to import distribution/epel-internal from /root/distribution/Library/epel-internal/lib.sh :: [ 09:26:16 ] :: [ INFO ] :: found dependencies: '' done. done. :: [ 09:26:16 ] :: [ BEGIN ] :: Running 'rlImport distribution/LibrariesWrapper' :: [ 09:26:16 ] :: [ PASS ] :: Command 'rlImport distribution/LibrariesWrapper' (Expected 0, got 0) :: [ 09:26:16 ] :: [ INFO ] :: LibrariesWrapperImport(): library not fetched yet :: [ 09:26:16 ] :: [ BEGIN ] :: Running 'env git clone --quiet --mirror "https://github.com/beakerlib/epel.git" .git' :: [ 09:26:16 ] :: [ PASS ] :: Command 'env git clone --quiet --mirror "https://github.com/beakerlib/epel.git" .git' (Expected 0, got 0) :: [ 09:26:16 ] :: [ BEGIN ] :: Running 'git config core.bare false' :: [ 09:26:16 ] :: [ PASS ] :: Command 'git config core.bare false' (Expected 0, got 0) :: [ 09:26:16 ] :: [ BEGIN ] :: Running 'cat .git/HEAD > .git/refs/heads/__DEFAULT_BRANCH__' :: [ 09:26:16 ] :: [ PASS ] :: Command 'cat .git/HEAD > .git/refs/heads/__DEFAULT_BRANCH__' (Expected 0, got 0) :: [ 09:26:17 ] :: [ BEGIN ] :: Running 'git checkout "master" -- "epel"' :: [ 09:26:17 ] :: [ PASS ] :: Command 'git checkout "master" -- "epel"' (Expected 0, got 0) :: [ 09:26:17 ] :: [ INFO ] :: found epel v42 from https://github.com/beakerlib/epel.git?72a1d18b541fdbd775d87bb69b57c3e018e18552#epel in /root/distribution/Library/epel/lib/epel loading library distribution/epel v42... done. :: [ 09:26:17 ] :: [ LOG ] :: Determined distro is 'rhel' :: [ 09:26:17 ] :: [ LOG ] :: Determined rhel release is '10' :: [ 09:26:17 ] :: [ LOG ] :: epel repo is accessible :: [ 09:26:17 ] :: [ LOG ] :: epel repo already present :: [ 09:26:17 ] :: [ INFO ] :: SELinux: using 'semodule -lfull' to list modules :: [ 09:26:17 ] :: [ INFO ] :: Running with policy located in /etc/selinux/targeted/policy/policy.34 :: [ 09:26:17 ] :: [ BEGIN ] :: Running 'mkdir -p /etc/skel/.{cache,config,local}' :: [ 09:26:17 ] :: [ PASS ] :: Command 'mkdir -p /etc/skel/.{cache,config,local}' (Expected 0, got 0) :: [ 09:26:17 ] :: [ LOG ] :: enriched audit log format already enabled :: [ 09:26:17 ] :: [ LOG ] :: stop the audit daemon first :: [ 09:26:17 ] :: [ BEGIN ] :: Running 'service auditd stop' Stopping logging: :: [ 09:26:17 ] :: [ PASS ] :: Command 'service auditd stop' (Expected 0, got 0) :: [ 09:26:22 ] :: [ LOG ] :: audit daemon configuration file is updated, starting the audit service Redirecting to /bin/systemctl status auditd.service Redirecting to /bin/systemctl start auditd.service :: [ 09:26:23 ] :: [ LOG ] :: rlServiceStart: Service auditd started successfully :: [ 09:26:23 ] :: [ ERROR ] :: /etc/audit/audit.rules is not updated :: [ 09:26:23 ] :: [ INFO ] :: SELinux related packages listing: :: [ 09:26:23 ] :: [ INFO ] :: checkpolicy-3.8-1.el10.x86_64 libselinux-3.8-2.el10_0.x86_64 libselinux-utils-3.8-2.el10_0.x86_64 libsemanage-3.8.1-1.el10_0.x86_64 libsepol-3.8-1.el10.x86_64 policycoreutils-3.8-2.el10.x86_64 policycoreutils-devel-3.8-2.el10.x86_64 policycoreutils-python-utils-3.8-2.el10.noarch selinux-policy-40.13.33-1.el10.noarch selinux-policy-devel-40.13.33-1.el10.noarch selinux-policy-targeted-40.13.33-1.el10.noarch setools-console-4.5.1-4.el10.x86_64 :: [ 09:26:23 ] :: [ INFO ] :: listing took 0 second(s) :: [ 09:26:23 ] :: [ INFO ] :: package 'setools-console-4.5.1-4.el10.x86_64' covers required package 'setools-console' :: [ 09:26:23 ] :: [ INFO ] :: package 'expect-5.45.4-25.el10.x86_64' covers required package 'expect' :: [ 09:26:23 ] :: [ INFO ] :: package 'policycoreutils-python-utils-3.8-2.el10.noarch' covers required package 'policycoreutils-python-utils' :: [ 09:26:23 ] :: [ INFO ] :: package 'selinux-policy-devel-40.13.33-1.el10.noarch' covers required package 'selinux-policy-devel' :: [ 09:26:23 ] :: [ INFO ] :: package 'audit-rules-4.0.3-4.el10.x86_64' covers required package 'audit-rules' :: [ 09:26:23 ] :: [ PASS ] :: Command 'rlImport 'selinux-policy/common'' (Expected 0, got 0) :: [ 09:26:23 ] :: [ PASS ] :: all required packages are really installed selinux-policy-40.13.33-1.el10.noarch :: [ 09:26:24 ] :: [ PASS ] :: Checking for the presence of selinux-policy rpm :: [ 09:26:24 ] :: [ LOG ] :: Package versions: :: [ 09:26:24 ] :: [ LOG ] :: selinux-policy-40.13.33-1.el10.noarch selinux-policy-targeted-40.13.33-1.el10.noarch :: [ 09:26:24 ] :: [ PASS ] :: Checking for the presence of selinux-policy-targeted rpm :: [ 09:26:24 ] :: [ LOG ] :: Package versions: :: [ 09:26:24 ] :: [ LOG ] :: selinux-policy-targeted-40.13.33-1.el10.noarch libutempter-1.2.1-15.el10.x86_64 :: [ 09:26:24 ] :: [ PASS ] :: Checking for the presence of libutempter rpm :: [ 09:26:24 ] :: [ LOG ] :: Package versions: :: [ 09:26:24 ] :: [ LOG ] :: libutempter-1.2.1-15.el10.x86_64 :: [ 09:26:24 ] :: [ INFO ] :: using '/var/tmp/beakerlib-ER3mSCl/backup' as backup destination :: [ 09:26:24 ] :: [ BEGIN ] :: Running 'setenforce 1' :: [ 09:26:24 ] :: [ PASS ] :: Command 'setenforce 1' (Expected 0, got 0) :: [ 09:26:24 ] :: [ BEGIN ] :: Running 'id -Z' unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 :: [ 09:26:24 ] :: [ PASS ] :: Command 'id -Z' (Expected 0, got 0) :: [ 09:26:24 ] :: [ BEGIN ] :: Running 'sestatus' SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 :: [ 09:26:24 ] :: [ PASS ] :: Command 'sestatus' (Expected 0, got 0) :: [ 09:26:24 ] :: [ BEGIN ] :: Running 'semodule --list-modules=full | grep -i disabled' 400 restraint pp disabled 400 rhts pp disabled :: [ 09:26:24 ] :: [ PASS ] :: Command 'semodule --list-modules=full | grep -i disabled' (Expected 0,1, got 0) :: [ 09:26:24 ] :: [ LOG ] :: rlSESetTimestamp: Setting timestamp 'TIMESTAMP' [06/06/2025 09:26:24] :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 11s :: Assertions: 16 good, 0 bad :: RESULT: PASS (Setup) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: bz#1729571 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /usr/libexec/utempter/utempter system_u:object_r:utempter_exec_t:s0 :: [ 09:26:27 ] :: [ PASS ] :: Result of matchpathcon /usr/libexec/utempter/utempter should contain utempter_exec_t (Assert: expected 0, got 0) :: [ 09:26:27 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow user_t utempter_exec_t : file { getattr open read execute } ' FILTERED RULES allow domain file_type:file map; [ domain_can_mmap_files ]:True allow user_usertype application_exec_type:file { execute execute_no_trans getattr ioctl lock map open read }; :: [ 09:26:28 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 09:26:28 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 09:26:28 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 09:26:28 ] :: [ PASS ] :: check permission 'execute' is present (Assert: '0' should equal '0') :: [ 09:26:29 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow user_t utempter_t : process { transition } ' FILTERED RULES allow user_t utempter_t:process transition; :: [ 09:26:30 ] :: [ PASS ] :: check permission 'transition' is present (Assert: '0' should equal '0') :: [ 09:26:30 ] :: [ INFO ] :: rlSESearchRule: checking rule 'type_transition user_t utempter_exec_t : process utempter_t ' FILTERED RULES type_transition user_t utempter_exec_t:process utempter_t; :: [ 09:26:32 ] :: [ PASS ] :: check permission 'utempter_t' is present (Assert: '0' should equal '0') :: [ 09:26:32 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow staff_t utempter_exec_t : file { getattr open read execute } ' FILTERED RULES allow domain file_type:file map; [ domain_can_mmap_files ]:True allow staff_usertype application_exec_type:file { execute execute_no_trans getattr ioctl lock map open read }; :: [ 09:26:33 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 09:26:33 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 09:26:33 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 09:26:33 ] :: [ PASS ] :: check permission 'execute' is present (Assert: '0' should equal '0') :: [ 09:26:33 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow staff_t utempter_t : process { transition } ' FILTERED RULES allow staff_t domain:process { getattr getcap getsched }; allow staff_t utempter_t:process transition; :: [ 09:26:35 ] :: [ PASS ] :: check permission 'transition' is present (Assert: '0' should equal '0') :: [ 09:26:35 ] :: [ INFO ] :: rlSESearchRule: checking rule 'type_transition staff_t utempter_exec_t : process utempter_t ' FILTERED RULES type_transition staff_t utempter_exec_t:process utempter_t; :: [ 09:26:37 ] :: [ PASS ] :: check permission 'utempter_t' is present (Assert: '0' should equal '0') :: [ 09:26:37 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow sysadm_t utempter_exec_t : file { getattr open read execute } ' FILTERED RULES allow confined_admindomain application_exec_type:file { execute execute_no_trans getattr ioctl lock map open read }; allow domain file_type:file map; [ domain_can_mmap_files ]:True allow files_unconfined_type file_type:file execmod; [ selinuxuser_execmod ]:True allow files_unconfined_type file_type:file { append audit_access create execute execute_no_trans getattr ioctl link lock map mounton open quotaon read relabelfrom relabelto rename setattr swapon unlink watch watch_mount watch_reads watch_sb watch_with_perm write }; :: [ 09:26:38 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 09:26:38 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 09:26:38 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 09:26:38 ] :: [ PASS ] :: check permission 'execute' is present (Assert: '0' should equal '0') :: [ 09:26:38 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow sysadm_t utempter_t : process { transition } ' FILTERED RULES allow sysadm_t domain:process ptrace; [ deny_ptrace ]:False allow sysadm_t domain:process { getattr getcap setsched sigchld sigkill signal signull sigstop }; allow sysadm_t utempter_t:process transition; :: [ 09:26:40 ] :: [ PASS ] :: check permission 'transition' is present (Assert: '0' should equal '0') :: [ 09:26:40 ] :: [ INFO ] :: rlSESearchRule: checking rule 'type_transition sysadm_t utempter_exec_t : process utempter_t ' FILTERED RULES type_transition sysadm_t utempter_exec_t:process utempter_t; :: [ 09:26:42 ] :: [ PASS ] :: check permission 'utempter_t' is present (Assert: '0' should equal '0') :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 16s :: Assertions: 19 good, 0 bad :: RESULT: PASS (bz#1729571) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: real scenario -- confined users :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 09:26:42 ] :: [ BEGIN ] :: Running 'setsebool ssh_sysadm_login on' :: [ 09:26:42 ] :: [ PASS ] :: Command 'setsebool ssh_sysadm_login on' (Expected 0, got 0) :: [ 09:26:42 ] :: [ BEGIN ] :: Running 'useradd -Z staff_u user27223' :: [ 09:26:43 ] :: [ PASS ] :: Command 'useradd -Z staff_u user27223' (Expected 0, got 0) :: [ 09:26:43 ] :: [ BEGIN ] :: Running 'echo S3kr3t5210 | passwd --stdin user27223' :: [ 09:26:43 ] :: [ PASS ] :: Command 'echo S3kr3t5210 | passwd --stdin user27223' (Expected 0, got 0) :: [ 09:26:43 ] :: [ BEGIN ] :: Running 'restorecon -RvF /home/user27223' :: [ 09:26:43 ] :: [ PASS ] :: Command 'restorecon -RvF /home/user27223' (Expected 0, got 0) :: [ 09:26:43 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user27223' :: [ 09:26:43 ] :: [ PASS ] :: Command 'rm -f /tmp/user27223' (Expected 0, got 0) :: [ 09:26:43 ] :: [ BEGIN ] :: Running './ssh.exp user27223 S3kr3t5210 localhost script -c id /tmp/user27223' spawn ssh -t user27223@localhost script -c id /tmp/user27223 The authenticity of host 'localhost (::1)' can't be established. ED25519 key fingerprint is SHA256:JJvGzvLE7dNnfcLtKtQfYrOwWp3WmLUtO+373k6LlLM. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. user27223@localhost's password: Script started, output log file is '/tmp/user27223'. uid=1000(user27223) gid=1000(user27223) groups=1000(user27223) context=staff_u:staff_r:staff_t:s0-s0:c0.c1023 Script done. Connection to localhost closed. :: [ 09:26:44 ] :: [ PASS ] :: Command './ssh.exp user27223 S3kr3t5210 localhost script -c id /tmp/user27223' (Expected 0, got 0) :: [ 09:26:44 ] :: [ BEGIN ] :: Running 'ls -l /tmp/user27223' -rw-r--r--. 1 user27223 user27223 299 Jun 6 09:26 /tmp/user27223 :: [ 09:26:44 ] :: [ PASS ] :: Command 'ls -l /tmp/user27223' (Expected 0, got 0) :: [ 09:26:44 ] :: [ BEGIN ] :: Running 'grep "user27223.*context=staff_u:" /tmp/user27223' uid=1000(user27223) gid=1000(user27223) groups=1000(user27223) context=staff_u:staff_r:staff_t:s0-s0:c0.c1023 :: [ 09:26:44 ] :: [ PASS ] :: Command 'grep "user27223.*context=staff_u:" /tmp/user27223' (Expected 0, got 0) :: [ 09:26:44 ] :: [ BEGIN ] :: Running 'userdel -rfZ user27223' userdel: user user27223 is currently used by process 10844 :: [ 09:26:44 ] :: [ PASS ] :: Command 'userdel -rfZ user27223' (Expected 0, got 0) :: [ 09:26:44 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user27223' :: [ 09:26:44 ] :: [ PASS ] :: Command 'rm -f /tmp/user27223' (Expected 0, got 0) :: [ 09:26:44 ] :: [ BEGIN ] :: Running 'useradd -Z user_u user9886' :: [ 09:26:45 ] :: [ PASS ] :: Command 'useradd -Z user_u user9886' (Expected 0, got 0) :: [ 09:26:45 ] :: [ BEGIN ] :: Running 'echo S3kr3t18241 | passwd --stdin user9886' :: [ 09:26:45 ] :: [ PASS ] :: Command 'echo S3kr3t18241 | passwd --stdin user9886' (Expected 0, got 0) :: [ 09:26:45 ] :: [ BEGIN ] :: Running 'restorecon -RvF /home/user9886' :: [ 09:26:45 ] :: [ PASS ] :: Command 'restorecon -RvF /home/user9886' (Expected 0, got 0) :: [ 09:26:45 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user9886' :: [ 09:26:45 ] :: [ PASS ] :: Command 'rm -f /tmp/user9886' (Expected 0, got 0) :: [ 09:26:45 ] :: [ BEGIN ] :: Running './ssh.exp user9886 S3kr3t18241 localhost script -c id /tmp/user9886' spawn ssh -t user9886@localhost script -c id /tmp/user9886 user9886@localhost's password: Script started, output log file is '/tmp/user9886'. uid=1000(user9886) gid=1000(user9886) groups=1000(user9886) context=user_u:user_r:user_t:s0 Script done. Connection to localhost closed. :: [ 09:26:46 ] :: [ PASS ] :: Command './ssh.exp user9886 S3kr3t18241 localhost script -c id /tmp/user9886' (Expected 0, got 0) :: [ 09:26:46 ] :: [ BEGIN ] :: Running 'ls -l /tmp/user9886' -rw-r--r--. 1 user9886 user9886 281 Jun 6 09:26 /tmp/user9886 :: [ 09:26:46 ] :: [ PASS ] :: Command 'ls -l /tmp/user9886' (Expected 0, got 0) :: [ 09:26:46 ] :: [ BEGIN ] :: Running 'grep "user9886.*context=user_u:" /tmp/user9886' uid=1000(user9886) gid=1000(user9886) groups=1000(user9886) context=user_u:user_r:user_t:s0 :: [ 09:26:46 ] :: [ PASS ] :: Command 'grep "user9886.*context=user_u:" /tmp/user9886' (Expected 0, got 0) :: [ 09:26:46 ] :: [ BEGIN ] :: Running 'userdel -rfZ user9886' userdel: user user9886 is currently used by process 10844 :: [ 09:26:47 ] :: [ PASS ] :: Command 'userdel -rfZ user9886' (Expected 0, got 0) :: [ 09:26:47 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user9886' :: [ 09:26:47 ] :: [ PASS ] :: Command 'rm -f /tmp/user9886' (Expected 0, got 0) :: [ 09:26:47 ] :: [ BEGIN ] :: Running 'useradd -Z guest_u user24377' :: [ 09:26:48 ] :: [ PASS ] :: Command 'useradd -Z guest_u user24377' (Expected 0, got 0) :: [ 09:26:48 ] :: [ BEGIN ] :: Running 'echo S3kr3t515 | passwd --stdin user24377' :: [ 09:26:48 ] :: [ PASS ] :: Command 'echo S3kr3t515 | passwd --stdin user24377' (Expected 0, got 0) :: [ 09:26:48 ] :: [ BEGIN ] :: Running 'restorecon -RvF /home/user24377' :: [ 09:26:48 ] :: [ PASS ] :: Command 'restorecon -RvF /home/user24377' (Expected 0, got 0) :: [ 09:26:48 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user24377' :: [ 09:26:48 ] :: [ PASS ] :: Command 'rm -f /tmp/user24377' (Expected 0, got 0) :: [ 09:26:48 ] :: [ BEGIN ] :: Running './ssh.exp user24377 S3kr3t515 localhost script -c id /tmp/user24377' spawn ssh -t user24377@localhost script -c id /tmp/user24377 user24377@localhost's password: Script started, output log file is '/tmp/user24377'. uid=1000(user24377) gid=1000(user24377) groups=1000(user24377) context=guest_u:guest_r:guest_t:s0 Script done. Connection to localhost closed. :: [ 09:26:48 ] :: [ PASS ] :: Command './ssh.exp user24377 S3kr3t515 localhost script -c id /tmp/user24377' (Expected 0, got 0) :: [ 09:26:48 ] :: [ BEGIN ] :: Running 'ls -l /tmp/user24377' -rw-r--r--. 1 user24377 user24377 287 Jun 6 09:26 /tmp/user24377 :: [ 09:26:48 ] :: [ PASS ] :: Command 'ls -l /tmp/user24377' (Expected 0, got 0) :: [ 09:26:48 ] :: [ BEGIN ] :: Running 'grep "user24377.*context=guest_u:" /tmp/user24377' uid=1000(user24377) gid=1000(user24377) groups=1000(user24377) context=guest_u:guest_r:guest_t:s0 :: [ 09:26:48 ] :: [ PASS ] :: Command 'grep "user24377.*context=guest_u:" /tmp/user24377' (Expected 0, got 0) :: [ 09:26:48 ] :: [ BEGIN ] :: Running 'userdel -rfZ user24377' userdel: user user24377 is currently used by process 10844 :: [ 09:26:49 ] :: [ PASS ] :: Command 'userdel -rfZ user24377' (Expected 0, got 0) :: [ 09:26:49 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user24377' :: [ 09:26:49 ] :: [ PASS ] :: Command 'rm -f /tmp/user24377' (Expected 0, got 0) :: [ 09:26:49 ] :: [ BEGIN ] :: Running 'useradd -Z xguest_u user8191' :: [ 09:26:50 ] :: [ PASS ] :: Command 'useradd -Z xguest_u user8191' (Expected 0, got 0) :: [ 09:26:50 ] :: [ BEGIN ] :: Running 'echo S3kr3t17841 | passwd --stdin user8191' :: [ 09:26:50 ] :: [ PASS ] :: Command 'echo S3kr3t17841 | passwd --stdin user8191' (Expected 0, got 0) :: [ 09:26:50 ] :: [ BEGIN ] :: Running 'restorecon -RvF /home/user8191' :: [ 09:26:50 ] :: [ PASS ] :: Command 'restorecon -RvF /home/user8191' (Expected 0, got 0) :: [ 09:26:50 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user8191' :: [ 09:26:50 ] :: [ PASS ] :: Command 'rm -f /tmp/user8191' (Expected 0, got 0) :: [ 09:26:50 ] :: [ BEGIN ] :: Running './ssh.exp user8191 S3kr3t17841 localhost script -c id /tmp/user8191' spawn ssh -t user8191@localhost script -c id /tmp/user8191 user8191@localhost's password: Script started, output log file is '/tmp/user8191'. uid=1000(user8191) gid=1000(user8191) groups=1000(user8191) context=xguest_u:xguest_r:xguest_t:s0 Script done. Connection to localhost closed. :: [ 09:26:50 ] :: [ PASS ] :: Command './ssh.exp user8191 S3kr3t17841 localhost script -c id /tmp/user8191' (Expected 0, got 0) :: [ 09:26:50 ] :: [ BEGIN ] :: Running 'ls -l /tmp/user8191' -rw-r--r--. 1 user8191 user8191 287 Jun 6 09:26 /tmp/user8191 :: [ 09:26:50 ] :: [ PASS ] :: Command 'ls -l /tmp/user8191' (Expected 0, got 0) :: [ 09:26:50 ] :: [ BEGIN ] :: Running 'grep "user8191.*context=xguest_u:" /tmp/user8191' uid=1000(user8191) gid=1000(user8191) groups=1000(user8191) context=xguest_u:xguest_r:xguest_t:s0 :: [ 09:26:50 ] :: [ PASS ] :: Command 'grep "user8191.*context=xguest_u:" /tmp/user8191' (Expected 0, got 0) :: [ 09:26:50 ] :: [ BEGIN ] :: Running 'userdel -rfZ user8191' userdel: user user8191 is currently used by process 10844 :: [ 09:26:51 ] :: [ PASS ] :: Command 'userdel -rfZ user8191' (Expected 0, got 0) :: [ 09:26:51 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user8191' :: [ 09:26:51 ] :: [ PASS ] :: Command 'rm -f /tmp/user8191' (Expected 0, got 0) :: [ 09:26:51 ] :: [ BEGIN ] :: Running 'useradd -Z sysadm_u user3513' :: [ 09:26:52 ] :: [ PASS ] :: Command 'useradd -Z sysadm_u user3513' (Expected 0, got 0) :: [ 09:26:52 ] :: [ BEGIN ] :: Running 'echo S3kr3t22431 | passwd --stdin user3513' :: [ 09:26:52 ] :: [ PASS ] :: Command 'echo S3kr3t22431 | passwd --stdin user3513' (Expected 0, got 0) :: [ 09:26:52 ] :: [ BEGIN ] :: Running 'restorecon -RvF /home/user3513' :: [ 09:26:52 ] :: [ PASS ] :: Command 'restorecon -RvF /home/user3513' (Expected 0, got 0) :: [ 09:26:52 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user3513' :: [ 09:26:52 ] :: [ PASS ] :: Command 'rm -f /tmp/user3513' (Expected 0, got 0) :: [ 09:26:52 ] :: [ BEGIN ] :: Running './ssh.exp user3513 S3kr3t22431 localhost script -c id /tmp/user3513' spawn ssh -t user3513@localhost script -c id /tmp/user3513 user3513@localhost's password: Script started, output log file is '/tmp/user3513'. uid=1000(user3513) gid=1000(user3513) groups=1000(user3513) context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 Script done. Connection to localhost closed. :: [ 09:26:52 ] :: [ PASS ] :: Command './ssh.exp user3513 S3kr3t22431 localhost script -c id /tmp/user3513' (Expected 0, got 0) :: [ 09:26:52 ] :: [ BEGIN ] :: Running 'ls -l /tmp/user3513' -rw-r--r--. 1 user3513 user3513 299 Jun 6 09:26 /tmp/user3513 :: [ 09:26:52 ] :: [ PASS ] :: Command 'ls -l /tmp/user3513' (Expected 0, got 0) :: [ 09:26:52 ] :: [ BEGIN ] :: Running 'grep "user3513.*context=sysadm_u:" /tmp/user3513' uid=1000(user3513) gid=1000(user3513) groups=1000(user3513) context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 :: [ 09:26:52 ] :: [ PASS ] :: Command 'grep "user3513.*context=sysadm_u:" /tmp/user3513' (Expected 0, got 0) :: [ 09:26:52 ] :: [ BEGIN ] :: Running 'userdel -rfZ user3513' userdel: user user3513 is currently used by process 10844 :: [ 09:26:53 ] :: [ PASS ] :: Command 'userdel -rfZ user3513' (Expected 0, got 0) :: [ 09:26:53 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user3513' :: [ 09:26:53 ] :: [ PASS ] :: Command 'rm -f /tmp/user3513' (Expected 0, got 0) :: [ 09:26:53 ] :: [ BEGIN ] :: Running 'useradd -Z unconfined_u user7024' :: [ 09:26:54 ] :: [ PASS ] :: Command 'useradd -Z unconfined_u user7024' (Expected 0, got 0) :: [ 09:26:54 ] :: [ BEGIN ] :: Running 'echo S3kr3t13784 | passwd --stdin user7024' :: [ 09:26:54 ] :: [ PASS ] :: Command 'echo S3kr3t13784 | passwd --stdin user7024' (Expected 0, got 0) :: [ 09:26:54 ] :: [ BEGIN ] :: Running 'restorecon -RvF /home/user7024' :: [ 09:26:54 ] :: [ PASS ] :: Command 'restorecon -RvF /home/user7024' (Expected 0, got 0) :: [ 09:26:54 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user7024' :: [ 09:26:54 ] :: [ PASS ] :: Command 'rm -f /tmp/user7024' (Expected 0, got 0) :: [ 09:26:54 ] :: [ BEGIN ] :: Running './ssh.exp user7024 S3kr3t13784 localhost script -c id /tmp/user7024' spawn ssh -t user7024@localhost script -c id /tmp/user7024 user7024@localhost's password: Script started, output log file is '/tmp/user7024'. uid=1000(user7024) gid=1000(user7024) groups=1000(user7024) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Script done. Connection to localhost closed. :: [ 09:26:54 ] :: [ PASS ] :: Command './ssh.exp user7024 S3kr3t13784 localhost script -c id /tmp/user7024' (Expected 0, got 0) :: [ 09:26:54 ] :: [ BEGIN ] :: Running 'ls -l /tmp/user7024' -rw-r--r--. 1 user7024 user7024 311 Jun 6 09:26 /tmp/user7024 :: [ 09:26:54 ] :: [ PASS ] :: Command 'ls -l /tmp/user7024' (Expected 0, got 0) :: [ 09:26:55 ] :: [ BEGIN ] :: Running 'grep "user7024.*context=unconfined_u:" /tmp/user7024' uid=1000(user7024) gid=1000(user7024) groups=1000(user7024) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 :: [ 09:26:55 ] :: [ PASS ] :: Command 'grep "user7024.*context=unconfined_u:" /tmp/user7024' (Expected 0, got 0) :: [ 09:26:55 ] :: [ BEGIN ] :: Running 'userdel -rfZ user7024' userdel: user user7024 is currently used by process 10844 :: [ 09:26:55 ] :: [ PASS ] :: Command 'userdel -rfZ user7024' (Expected 0, got 0) :: [ 09:26:55 ] :: [ BEGIN ] :: Running 'rm -f /tmp/user7024' :: [ 09:26:55 ] :: [ PASS ] :: Command 'rm -f /tmp/user7024' (Expected 0, got 0) :: [ 09:26:55 ] :: [ BEGIN ] :: Running 'setsebool ssh_sysadm_login off' :: [ 09:26:55 ] :: [ PASS ] :: Command 'setsebool ssh_sysadm_login off' (Expected 0, got 0) :: [ 09:26:55 ] :: [ BEGIN ] :: Running 'restorecon -v /usr/libexec/utempter/utempter' :: [ 09:26:55 ] :: [ PASS ] :: Command 'restorecon -v /usr/libexec/utempter/utempter' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 13s :: Assertions: 57 good, 0 bad :: RESULT: PASS (real scenario -- confined users) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: RHEL-24946 + RHEL-25002 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /dev/ptmx system_u:object_r:ptmx_t:s0 :: [ 09:26:56 ] :: [ PASS ] :: Result of matchpathcon /dev/ptmx should contain ptmx_t (Assert: expected 0, got 0) :: [ 09:26:56 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow utempter_t ptmx_t : chr_file { getattr read write ioctl } [ ]' FILTERED RULES allow utempter_t ptmx_t:chr_file { append getattr ioctl lock open read write }; :: [ 09:26:58 ] :: [ PASS ] :: check permission 'getattr' is present (Assert: '0' should equal '0') :: [ 09:26:58 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 09:26:58 ] :: [ PASS ] :: check permission 'write' is present (Assert: '0' should equal '0') :: [ 09:26:58 ] :: [ PASS ] :: check permission 'ioctl' is present (Assert: '0' should equal '0') :: [ 09:26:58 ] :: [ BEGIN ] :: Running 'setsebool ssh_sysadm_login on' :: [ 09:26:58 ] :: [ PASS ] :: Command 'setsebool ssh_sysadm_login on' (Expected 0, got 0) :: [ 09:26:58 ] :: [ BEGIN ] :: Running 'useradd -Z staff_u user23755' :: [ 09:26:59 ] :: [ PASS ] :: Command 'useradd -Z staff_u user23755' (Expected 0, got 0) :: [ 09:26:59 ] :: [ BEGIN ] :: Running 'echo S3kr3t7903 | passwd --stdin user23755' :: [ 09:26:59 ] :: [ PASS ] :: Command 'echo S3kr3t7903 | passwd --stdin user23755' (Expected 0, got 0) :: [ 09:26:59 ] :: [ BEGIN ] :: Running 'restorecon -RvF /home/user23755' :: [ 09:26:59 ] :: [ PASS ] :: Command 'restorecon -RvF /home/user23755' (Expected 0, got 0) :: [ 09:26:59 ] :: [ BEGIN ] :: Running './ssh.exp user23755 S3kr3t7903 localhost tlog-rec -o output.txt id' spawn ssh -t user23755@localhost tlog-rec -o output.txt id user23755@localhost's password: uid=1000(user23755) gid=1000(user23755) groups=1000(user23755) context=staff_u:staff_r:staff_t:s0-s0:c0.c1023 Connection to localhost closed. :: [ 09:26:59 ] :: [ PASS ] :: Command './ssh.exp user23755 S3kr3t7903 localhost tlog-rec -o output.txt id' (Expected 0, got 0) :: [ 09:26:59 ] :: [ BEGIN ] :: Running 'grep -i failed /var/tmp/rlRun_LOG.f85gDjCo' :: [ 09:26:59 ] :: [ PASS ] :: Command 'grep -i failed /var/tmp/rlRun_LOG.f85gDjCo' (Expected 1, got 1) :: [ 09:26:59 ] :: [ BEGIN ] :: Running 'ls -l /home/user23755/output.txt' -rw-------. 1 user23755 user23755 410 Jun 6 09:26 /home/user23755/output.txt :: [ 09:26:59 ] :: [ PASS ] :: Command 'ls -l /home/user23755/output.txt' (Expected 0, got 0) :: [ 09:26:59 ] :: [ BEGIN ] :: Running 'grep staff_u /home/user23755/output.txt' {"ver":"2.3","host":"mmalik-1mt-rhel-10.1-20250602.1-45037-2025-06-06-12-05","rec":"2a24053dc221432eac5f7b1830751356-33fc-7672f","user":"user23755","term":"xterm-256color","session":11,"id":1,"pos":0,"time":1749216419.756,"timing":"=80x24+5>111","in_txt":"","in_bin":[],"out_txt":"uid=1000(user23755) gid=1000(user23755) groups=1000(user23755) context=staff_u:staff_r:staff_t:s0-s0:c0.c1023\r\n","out_bin":[]} :: [ 09:26:59 ] :: [ PASS ] :: Command 'grep staff_u /home/user23755/output.txt' (Expected 0, got 0) :: [ 09:26:59 ] :: [ BEGIN ] :: Running 'userdel -rfZ user23755' userdel: user user23755 is currently used by process 10844 :: [ 09:27:00 ] :: [ PASS ] :: Command 'userdel -rfZ user23755' (Expected 0, got 0) :: [ 09:27:00 ] :: [ BEGIN ] :: Running 'useradd -Z user_u user29225' :: [ 09:27:01 ] :: [ PASS ] :: Command 'useradd -Z user_u user29225' (Expected 0, got 0) :: [ 09:27:01 ] :: [ BEGIN ] :: Running 'echo S3kr3t13256 | passwd --stdin user29225' :: [ 09:27:01 ] :: [ PASS ] :: Command 'echo S3kr3t13256 | passwd --stdin user29225' (Expected 0, got 0) :: [ 09:27:01 ] :: [ BEGIN ] :: Running 'restorecon -RvF /home/user29225' :: [ 09:27:01 ] :: [ PASS ] :: Command 'restorecon -RvF /home/user29225' (Expected 0, got 0) :: [ 09:27:01 ] :: [ BEGIN ] :: Running './ssh.exp user29225 S3kr3t13256 localhost tlog-rec -o output.txt id' spawn ssh -t user29225@localhost tlog-rec -o output.txt id user29225@localhost's password: uid=1000(user29225) gid=1000(user29225) groups=1000(user29225) context=user_u:user_r:user_t:s0 Connection to localhost closed. :: [ 09:27:01 ] :: [ PASS ] :: Command './ssh.exp user29225 S3kr3t13256 localhost tlog-rec -o output.txt id' (Expected 0, got 0) :: [ 09:27:01 ] :: [ BEGIN ] :: Running 'grep -i failed /var/tmp/rlRun_LOG.S1h9uNWp' :: [ 09:27:01 ] :: [ PASS ] :: Command 'grep -i failed /var/tmp/rlRun_LOG.S1h9uNWp' (Expected 1, got 1) :: [ 09:27:02 ] :: [ BEGIN ] :: Running 'ls -l /home/user29225/output.txt' -rw-------. 1 user29225 user29225 394 Jun 6 09:27 /home/user29225/output.txt :: [ 09:27:02 ] :: [ PASS ] :: Command 'ls -l /home/user29225/output.txt' (Expected 0, got 0) :: [ 09:27:02 ] :: [ BEGIN ] :: Running 'grep user_u /home/user29225/output.txt' {"ver":"2.3","host":"mmalik-1mt-rhel-10.1-20250602.1-45037-2025-06-06-12-05","rec":"2a24053dc221432eac5f7b1830751356-3506-76807","user":"user29225","term":"xterm-256color","session":12,"id":1,"pos":0,"time":1749216421.921,"timing":"=80x24+4>96","in_txt":"","in_bin":[],"out_txt":"uid=1000(user29225) gid=1000(user29225) groups=1000(user29225) context=user_u:user_r:user_t:s0\r\n","out_bin":[]} :: [ 09:27:02 ] :: [ PASS ] :: Command 'grep user_u /home/user29225/output.txt' (Expected 0, got 0) :: [ 09:27:02 ] :: [ BEGIN ] :: Running 'userdel -rfZ user29225' userdel: user user29225 is currently used by process 10844 :: [ 09:27:02 ] :: [ PASS ] :: Command 'userdel -rfZ user29225' (Expected 0, got 0) :: [ 09:27:02 ] :: [ BEGIN ] :: Running 'useradd -Z sysadm_u user21745' :: [ 09:27:03 ] :: [ PASS ] :: Command 'useradd -Z sysadm_u user21745' (Expected 0, got 0) :: [ 09:27:03 ] :: [ BEGIN ] :: Running 'echo S3kr3t14315 | passwd --stdin user21745' :: [ 09:27:03 ] :: [ PASS ] :: Command 'echo S3kr3t14315 | passwd --stdin user21745' (Expected 0, got 0) :: [ 09:27:03 ] :: [ BEGIN ] :: Running 'restorecon -RvF /home/user21745' :: [ 09:27:03 ] :: [ PASS ] :: Command 'restorecon -RvF /home/user21745' (Expected 0, got 0) :: [ 09:27:03 ] :: [ BEGIN ] :: Running './ssh.exp user21745 S3kr3t14315 localhost tlog-rec -o output.txt id' spawn ssh -t user21745@localhost tlog-rec -o output.txt id user21745@localhost's password: uid=1000(user21745) gid=1000(user21745) groups=1000(user21745) context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 Connection to localhost closed. :: [ 09:27:04 ] :: [ PASS ] :: Command './ssh.exp user21745 S3kr3t14315 localhost tlog-rec -o output.txt id' (Expected 0, got 0) :: [ 09:27:04 ] :: [ BEGIN ] :: Running 'grep -i failed /var/tmp/rlRun_LOG.usUqLW5i' :: [ 09:27:04 ] :: [ PASS ] :: Command 'grep -i failed /var/tmp/rlRun_LOG.usUqLW5i' (Expected 1, got 1) :: [ 09:27:04 ] :: [ BEGIN ] :: Running 'ls -l /home/user21745/output.txt' -rw-------. 1 user21745 user21745 413 Jun 6 09:27 /home/user21745/output.txt :: [ 09:27:04 ] :: [ PASS ] :: Command 'ls -l /home/user21745/output.txt' (Expected 0, got 0) :: [ 09:27:04 ] :: [ BEGIN ] :: Running 'grep sysadm_u /home/user21745/output.txt' {"ver":"2.3","host":"mmalik-1mt-rhel-10.1-20250602.1-45037-2025-06-06-12-05","rec":"2a24053dc221432eac5f7b1830751356-360d-768d7","user":"user21745","term":"xterm-256color","session":13,"id":1,"pos":0,"time":1749216423.995,"timing":"=80x24+4>114","in_txt":"","in_bin":[],"out_txt":"uid=1000(user21745) gid=1000(user21745) groups=1000(user21745) context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023\r\n","out_bin":[]} :: [ 09:27:04 ] :: [ PASS ] :: Command 'grep sysadm_u /home/user21745/output.txt' (Expected 0, got 0) :: [ 09:27:04 ] :: [ BEGIN ] :: Running 'userdel -rfZ user21745' userdel: user user21745 is currently used by process 10844 :: [ 09:27:04 ] :: [ PASS ] :: Command 'userdel -rfZ user21745' (Expected 0, got 0) :: [ 09:27:04 ] :: [ BEGIN ] :: Running 'useradd -Z unconfined_u user30079' :: [ 09:27:05 ] :: [ PASS ] :: Command 'useradd -Z unconfined_u user30079' (Expected 0, got 0) :: [ 09:27:05 ] :: [ BEGIN ] :: Running 'echo S3kr3t23279 | passwd --stdin user30079' :: [ 09:27:05 ] :: [ PASS ] :: Command 'echo S3kr3t23279 | passwd --stdin user30079' (Expected 0, got 0) :: [ 09:27:05 ] :: [ BEGIN ] :: Running 'restorecon -RvF /home/user30079' :: [ 09:27:05 ] :: [ PASS ] :: Command 'restorecon -RvF /home/user30079' (Expected 0, got 0) :: [ 09:27:05 ] :: [ BEGIN ] :: Running './ssh.exp user30079 S3kr3t23279 localhost tlog-rec -o output.txt id' spawn ssh -t user30079@localhost tlog-rec -o output.txt id user30079@localhost's password: uid=1000(user30079) gid=1000(user30079) groups=1000(user30079) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Connection to localhost closed. :: [ 09:27:06 ] :: [ PASS ] :: Command './ssh.exp user30079 S3kr3t23279 localhost tlog-rec -o output.txt id' (Expected 0, got 0) :: [ 09:27:06 ] :: [ BEGIN ] :: Running 'grep -i failed /var/tmp/rlRun_LOG.nqoo14s6' :: [ 09:27:06 ] :: [ PASS ] :: Command 'grep -i failed /var/tmp/rlRun_LOG.nqoo14s6' (Expected 1, got 1) :: [ 09:27:06 ] :: [ BEGIN ] :: Running 'ls -l /home/user30079/output.txt' -rw-------. 1 user30079 user30079 425 Jun 6 09:27 /home/user30079/output.txt :: [ 09:27:06 ] :: [ PASS ] :: Command 'ls -l /home/user30079/output.txt' (Expected 0, got 0) :: [ 09:27:06 ] :: [ BEGIN ] :: Running 'grep unconfined_u /home/user30079/output.txt' {"ver":"2.3","host":"mmalik-1mt-rhel-10.1-20250602.1-45037-2025-06-06-12-05","rec":"2a24053dc221432eac5f7b1830751356-3715-769ac","user":"user30079","term":"xterm-256color","session":14,"id":1,"pos":0,"time":1749216426.123,"timing":"=80x24+4>126","in_txt":"","in_bin":[],"out_txt":"uid=1000(user30079) gid=1000(user30079) groups=1000(user30079) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\r\n","out_bin":[]} :: [ 09:27:06 ] :: [ PASS ] :: Command 'grep unconfined_u /home/user30079/output.txt' (Expected 0, got 0) :: [ 09:27:06 ] :: [ BEGIN ] :: Running 'userdel -rfZ user30079' userdel: user user30079 is currently used by process 10844 :: [ 09:27:07 ] :: [ PASS ] :: Command 'userdel -rfZ user30079' (Expected 0, got 0) :: [ 09:27:07 ] :: [ BEGIN ] :: Running 'setsebool ssh_sysadm_login off' :: [ 09:27:07 ] :: [ PASS ] :: Command 'setsebool ssh_sysadm_login off' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 11s :: Assertions: 39 good, 0 bad :: RESULT: PASS (RHEL-24946 + RHEL-25002) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: RHEL-46235 + RHEL-47241 + RHEL-56344 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: /run/tlog system_u:object_r:user_tmp_t:s0 :: [ 09:27:07 ] :: [ PASS ] :: Result of matchpathcon /run/tlog should contain user_tmp_t (Assert: expected 0, got 0) /run/tlog/session.8.lock system_u:object_r:user_tmp_t:s0 :: [ 09:27:08 ] :: [ PASS ] :: Result of matchpathcon /run/tlog/session.8.lock should contain user_tmp_t (Assert: expected 0, got 0) :: [ 09:27:08 ] :: [ INFO ] :: rlSESearchRule: checking rule 'allow staff_t user_tmp_t : file { create open read unlink } [ ]' FILTERED RULES allow application_domain_type user_tmp_t:file { map write }; allow domain tmpfile:file { append getattr ioctl lock read }; allow login_userdomain user_tmp_t:file { create open }; allow staff_t user_home_type:file { append create getattr ioctl link lock open read relabelfrom relabelto rename setattr unlink watch watch_reads write }; allow staff_usertype user_tmp_type:file { create link map open relabelfrom relabelto rename setattr unlink watch watch_reads write }; allow x_userdomain user_tmp_t:file { create link open rename setattr unlink watch watch_reads write }; :: [ 09:27:10 ] :: [ PASS ] :: check permission 'create' is present (Assert: '0' should equal '0') :: [ 09:27:10 ] :: [ PASS ] :: check permission 'open' is present (Assert: '0' should equal '0') :: [ 09:27:10 ] :: [ PASS ] :: check permission 'read' is present (Assert: '0' should equal '0') :: [ 09:27:10 ] :: [ PASS ] :: check permission 'unlink' is present (Assert: '0' should equal '0') :: [ 09:27:10 ] :: [ BEGIN ] :: Running 'setsebool ssh_sysadm_login on' :: [ 09:27:10 ] :: [ PASS ] :: Command 'setsebool ssh_sysadm_login on' (Expected 0, got 0) :: [ 09:27:10 ] :: [ BEGIN ] :: Running 'useradd -Z staff_u user5315' :: [ 09:27:11 ] :: [ PASS ] :: Command 'useradd -Z staff_u user5315' (Expected 0, got 0) :: [ 09:27:11 ] :: [ BEGIN ] :: Running 'echo S3kr3t21029 | passwd --stdin user5315' :: [ 09:27:11 ] :: [ PASS ] :: Command 'echo S3kr3t21029 | passwd --stdin user5315' (Expected 0, got 0) :: [ 09:27:11 ] :: [ BEGIN ] :: Running 'usermod -s /usr/bin/tlog-rec-session user5315' :: [ 09:27:11 ] :: [ PASS ] :: Command 'usermod -s /usr/bin/tlog-rec-session user5315' (Expected 0, got 0) :: [ 09:27:11 ] :: [ BEGIN ] :: Running './ssh.exp user5315 S3kr3t21029 localhost id' spawn ssh -t user5315@localhost id user5315@localhost's password: Locale charset is ANSI_X3.4-1968 (ASCII) Assuming locale environment is lost and charset is UTF-8 ATTENTION! Your session is being recorded! uid=1000(user5315) gid=1000(user5315) groups=1000(user5315) context=staff_u:staff_r:staff_t:s0-s0:c0.c1023 Connection to localhost closed. :: [ 09:27:11 ] :: [ PASS ] :: Command './ssh.exp user5315 S3kr3t21029 localhost id' (Expected 0, got 0) :: [ 09:27:11 ] :: [ BEGIN ] :: Running 'grep -i -e 'failed.*lock' -e 'permission.*denied' /var/tmp/rlRun_LOG.3Pysp2A2' :: [ 09:27:11 ] :: [ PASS ] :: Command 'grep -i -e 'failed.*lock' -e 'permission.*denied' /var/tmp/rlRun_LOG.3Pysp2A2' (Expected 1, got 1) :: [ 09:27:11 ] :: [ BEGIN ] :: Running 'ls -alZ /run/tlog/' total 0 drwxr-xr-x. 2 tlog tlog system_u:object_r:user_tmp_t:s0 40 Jun 6 09:27 . drwxr-xr-x. 36 root root system_u:object_r:var_run_t:s0 1080 Jun 6 09:26 .. :: [ 09:27:11 ] :: [ PASS ] :: Command 'ls -alZ /run/tlog/' (Expected 0, got 0) :: [ 09:27:11 ] :: [ BEGIN ] :: Running 'userdel -rfZ user5315' userdel: user user5315 is currently used by process 10844 :: [ 09:27:12 ] :: [ PASS ] :: Command 'userdel -rfZ user5315' (Expected 0, got 0) :: [ 09:27:12 ] :: [ BEGIN ] :: Running 'useradd -Z user_u user367' :: [ 09:27:13 ] :: [ PASS ] :: Command 'useradd -Z user_u user367' (Expected 0, got 0) :: [ 09:27:13 ] :: [ BEGIN ] :: Running 'echo S3kr3t22324 | passwd --stdin user367' :: [ 09:27:13 ] :: [ PASS ] :: Command 'echo S3kr3t22324 | passwd --stdin user367' (Expected 0, got 0) :: [ 09:27:13 ] :: [ BEGIN ] :: Running 'usermod -s /usr/bin/tlog-rec-session user367' :: [ 09:27:13 ] :: [ PASS ] :: Command 'usermod -s /usr/bin/tlog-rec-session user367' (Expected 0, got 0) :: [ 09:27:13 ] :: [ BEGIN ] :: Running './ssh.exp user367 S3kr3t22324 localhost id' spawn ssh -t user367@localhost id user367@localhost's password: Locale charset is ANSI_X3.4-1968 (ASCII) Assuming locale environment is lost and charset is UTF-8 ATTENTION! Your session is being recorded! uid=1000(user367) gid=1000(user367) groups=1000(user367) context=user_u:user_r:user_t:s0 Connection to localhost closed. :: [ 09:27:13 ] :: [ PASS ] :: Command './ssh.exp user367 S3kr3t22324 localhost id' (Expected 0, got 0) :: [ 09:27:13 ] :: [ BEGIN ] :: Running 'grep -i -e 'failed.*lock' -e 'permission.*denied' /var/tmp/rlRun_LOG.GQDvTUA6' :: [ 09:27:13 ] :: [ PASS ] :: Command 'grep -i -e 'failed.*lock' -e 'permission.*denied' /var/tmp/rlRun_LOG.GQDvTUA6' (Expected 1, got 1) :: [ 09:27:13 ] :: [ BEGIN ] :: Running 'ls -alZ /run/tlog/' total 0 drwxr-xr-x. 2 tlog tlog system_u:object_r:user_tmp_t:s0 40 Jun 6 09:27 . drwxr-xr-x. 36 root root system_u:object_r:var_run_t:s0 1080 Jun 6 09:26 .. :: [ 09:27:13 ] :: [ PASS ] :: Command 'ls -alZ /run/tlog/' (Expected 0, got 0) :: [ 09:27:13 ] :: [ BEGIN ] :: Running 'userdel -rfZ user367' userdel: user user367 is currently used by process 10844 :: [ 09:27:14 ] :: [ PASS ] :: Command 'userdel -rfZ user367' (Expected 0, got 0) :: [ 09:27:14 ] :: [ BEGIN ] :: Running 'useradd -Z sysadm_u user28019' :: [ 09:27:15 ] :: [ PASS ] :: Command 'useradd -Z sysadm_u user28019' (Expected 0, got 0) :: [ 09:27:15 ] :: [ BEGIN ] :: Running 'echo S3kr3t17868 | passwd --stdin user28019' :: [ 09:27:15 ] :: [ PASS ] :: Command 'echo S3kr3t17868 | passwd --stdin user28019' (Expected 0, got 0) :: [ 09:27:15 ] :: [ BEGIN ] :: Running 'usermod -s /usr/bin/tlog-rec-session user28019' :: [ 09:27:15 ] :: [ PASS ] :: Command 'usermod -s /usr/bin/tlog-rec-session user28019' (Expected 0, got 0) :: [ 09:27:15 ] :: [ BEGIN ] :: Running './ssh.exp user28019 S3kr3t17868 localhost id' spawn ssh -t user28019@localhost id user28019@localhost's password: Locale charset is ANSI_X3.4-1968 (ASCII) Assuming locale environment is lost and charset is UTF-8 ATTENTION! Your session is being recorded! uid=1000(user28019) gid=1000(user28019) groups=1000(user28019) context=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 Connection to localhost closed. :: [ 09:27:15 ] :: [ PASS ] :: Command './ssh.exp user28019 S3kr3t17868 localhost id' (Expected 0, got 0) :: [ 09:27:15 ] :: [ BEGIN ] :: Running 'grep -i -e 'failed.*lock' -e 'permission.*denied' /var/tmp/rlRun_LOG.dpbOwEBc' :: [ 09:27:15 ] :: [ PASS ] :: Command 'grep -i -e 'failed.*lock' -e 'permission.*denied' /var/tmp/rlRun_LOG.dpbOwEBc' (Expected 1, got 1) :: [ 09:27:15 ] :: [ BEGIN ] :: Running 'ls -alZ /run/tlog/' total 0 drwxr-xr-x. 2 tlog tlog system_u:object_r:user_tmp_t:s0 40 Jun 6 09:27 . drwxr-xr-x. 36 root root system_u:object_r:var_run_t:s0 1080 Jun 6 09:26 .. :: [ 09:27:15 ] :: [ PASS ] :: Command 'ls -alZ /run/tlog/' (Expected 0, got 0) :: [ 09:27:15 ] :: [ BEGIN ] :: Running 'userdel -rfZ user28019' userdel: user user28019 is currently used by process 10844 :: [ 09:27:16 ] :: [ PASS ] :: Command 'userdel -rfZ user28019' (Expected 0, got 0) :: [ 09:27:16 ] :: [ BEGIN ] :: Running 'useradd -Z unconfined_u user28680' :: [ 09:27:17 ] :: [ PASS ] :: Command 'useradd -Z unconfined_u user28680' (Expected 0, got 0) :: [ 09:27:17 ] :: [ BEGIN ] :: Running 'echo S3kr3t1463 | passwd --stdin user28680' :: [ 09:27:17 ] :: [ PASS ] :: Command 'echo S3kr3t1463 | passwd --stdin user28680' (Expected 0, got 0) :: [ 09:27:17 ] :: [ BEGIN ] :: Running 'usermod -s /usr/bin/tlog-rec-session user28680' :: [ 09:27:17 ] :: [ PASS ] :: Command 'usermod -s /usr/bin/tlog-rec-session user28680' (Expected 0, got 0) :: [ 09:27:17 ] :: [ BEGIN ] :: Running './ssh.exp user28680 S3kr3t1463 localhost id' spawn ssh -t user28680@localhost id user28680@localhost's password: Locale charset is ANSI_X3.4-1968 (ASCII) Assuming locale environment is lost and charset is UTF-8 ATTENTION! Your session is being recorded! uid=1000(user28680) gid=1000(user28680) groups=1000(user28680) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Connection to localhost closed. :: [ 09:27:18 ] :: [ PASS ] :: Command './ssh.exp user28680 S3kr3t1463 localhost id' (Expected 0, got 0) :: [ 09:27:18 ] :: [ BEGIN ] :: Running 'grep -i -e 'failed.*lock' -e 'permission.*denied' /var/tmp/rlRun_LOG.1P4cXYM9' :: [ 09:27:18 ] :: [ PASS ] :: Command 'grep -i -e 'failed.*lock' -e 'permission.*denied' /var/tmp/rlRun_LOG.1P4cXYM9' (Expected 1, got 1) :: [ 09:27:18 ] :: [ BEGIN ] :: Running 'ls -alZ /run/tlog/' total 0 drwxr-xr-x. 2 tlog tlog system_u:object_r:user_tmp_t:s0 40 Jun 6 09:27 . drwxr-xr-x. 36 root root system_u:object_r:var_run_t:s0 1080 Jun 6 09:26 .. :: [ 09:27:18 ] :: [ PASS ] :: Command 'ls -alZ /run/tlog/' (Expected 0, got 0) :: [ 09:27:18 ] :: [ BEGIN ] :: Running 'userdel -rfZ user28680' userdel: user user28680 is currently used by process 10844 :: [ 09:27:18 ] :: [ PASS ] :: Command 'userdel -rfZ user28680' (Expected 0, got 0) :: [ 09:27:18 ] :: [ BEGIN ] :: Running 'setsebool ssh_sysadm_login off' :: [ 09:27:18 ] :: [ PASS ] :: Command 'setsebool ssh_sysadm_login off' (Expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 11s :: Assertions: 36 good, 0 bad :: RESULT: PASS (RHEL-46235 + RHEL-47241 + RHEL-56344) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Cleanup :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 09:27:21 ] :: [ LOG ] :: rlSEAVCCheck: Search for AVCs, USER_AVCs, SELINUX_ERRs, and USER_SELINUX_ERRs since timestamp 'TIMESTAMP' [06/06/2025 09:26:24] :: [ 09:27:21 ] :: [ INFO ] :: rlSEAVCCheck: ignoring patterns: :: [ 09:27:21 ] :: [ INFO ] :: rlSEAVCCheck: type=USER_AVC.*received (policyload|setenforce) notice :: [ 09:27:21 ] :: [ INFO ] :: rlSEAVCCheck: type=AVC.*denied.* signal .*scontext=.*guest_t:.*tcontext=.*:init_t:.*tclass=proces :: [ 09:27:21 ] :: [ PASS ] :: Check there are no unexpected AVCs/ERRORs (Assert: expected 0, got 0) :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Duration: 2s :: Assertions: 1 good, 0 bad :: RESULT: PASS (Cleanup)