Bug 1739382
Summary: | [RHEL-8] avc denied detected while running ibacm test | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | zguo <zguo> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 8.1 | CC: | infiniband-qe, lvrabec, mmalik, plautrba, ssekidde, zpytela |
Target Milestone: | rc | ||
Target Release: | 8.1 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-11-05 22:12:10 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
zguo
2019-08-09 08:27:48 UTC
commit b7fd37c6dd892319963c1bf15f64ccfa39a7d6fc (HEAD -> rhel8.1-contrib) Author: Lukas Vrabec <lvrabec> Date: Fri Aug 9 14:53:15 2019 +0200 Update ibacm_t policy Allow ibacm_t domain to mmap own pid files Allow ibacm_t domain to getattr device filesystems Resolves: rhbz#1739382 Following SELinux denial appeared in the above-mentioned logs: ---- time->Tue Aug 20 18:58:02 2019 type=PROCTITLE msg=audit(1566341882.898:770): proctitle=2F7573722F7362696E2F696261636D002D2D73797374656D64 type=SYSCALL msg=audit(1566341882.898:770): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f815c4cdb30 a2=a0042 a3=1a4 items=0 ppid=1 pid=22980 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ibacm" exe="/usr/sbin/ibacm" subj=system_u:system_r:ibacm_t:s0 key=(null) type=AVC msg=audit(1566341882.898:770): avc: denied { write } for pid=22980 comm="ibacm" name="shm" dev="devtmpfs" ino=2101 scontext=system_u:system_r:ibacm_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir permissive=0 ---- It's strange that /dev/shm is labeled device_t. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3547 |