Bug 1715052
Summary: | avc: denied { read } for comm="dogtag-ipa-rene" name="tokens"
---|---
Product: | Red Hat Enterprise Linux 8
Component: | selinux-policy
Version: | 8.1
Status: | CLOSED ERRATA
Severity: | unspecified
Priority: | unspecified
Reporter: | Kaleem <ksiddiqu>
Assignee: | Lukas Vrabec <lvrabec>
QA Contact: | Milos Malik <mmalik>
CC: | lvrabec, mmalik, plautrba, ssekidde, zpytela
Target Milestone: | rc
Target Release: | 8.1
Flags: | pm-rhel: mirror+
Hardware: | All
OS: | Linux
Type: | Bug
Last Closed: | 2019-11-05 22:11:44 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:3547

Created attachment 1574786: avc.log

Description of problem:

Following avc denial seen during IPA install

```
time->Wed May 29 08:15:55 2019
type=PROCTITLE msg=audit(1559132155.222:1421): proctitle="/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit"
type=PATH msg=audit(1559132155.222:1421): item=0 name="/var/lib/softhsm/tokens/" inode=71308669 dev=fd:01 mode=041770 ouid=991 ogid=987 rdev=00:00 obj=system_u:object_r:named_cache_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1559132155.222:1421): cwd="/"
type=SYSCALL msg=audit(1559132155.222:1421): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5645329b5a80 a2=90800 a3=0 items=1 ppid=31158 pid=31178 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-ipa-rene" exe="/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1559132155.222:1421): avc: denied { read } for pid=31178 comm="dogtag-ipa-rene" name="tokens" dev="vda1" ino=71308669 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:named_cache_t:s0 tclass=dir permissive=0
```

Please find the attachment file, in that there are couple more avc denials.

Version-Release number of selected component (if applicable):

selinux-policy-3.14.3-6.el8.noarch
ipa-server-4.7.1-12.module+el8.1.0+3063+73c32a34.x86_64

How reproducible:

Always

Steps to Reproduce:

1. IPA install

Actual results:

avc denial seen

Expected results:

no avc denial should be there.

Additional info:

attachment file having complete avc log file.