Bug 1759932

Summary: [Fedora-31][selinux-policy] avc: denied { read } for pid=46110 comm="groupadd"
Product: [Fedora] Fedora Reporter: PaulB <pbunyan>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 31CC: dwalsh, lvrabec, mgrepl, plautrba, zpytela
Target Milestone: ---   
Target Release: ---   
Hardware: aarch64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-10 07:09:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description PaulB 2019-10-09 12:49:14 UTC 
Description of problem:
The following issue is seen with Fedora-31-20191005.n.0 installed:
 Fedora-31-20191005.n.0

Version-Release number of selected component (if applicable):
distro: Fedora-31-20191005.n.0
kernel: 5.3.2-300.fc31.aarch64
selinux-policy: selinux-policy-3.14.4-35.fc31.noarch

How reproducible:
 100%


Steps to Reproduce:
1. Install aarch64 system with Fedora-31-20191005.n.0
2.


Actual results:
https://beaker.engineering.redhat.com/jobs/3829243
http://beaker-archive.host.prod.eng.bos.redhat.com/beaker-logs/2019/10/38292/3829243/7443735/100468719/462180333/avc.log
---<-snip->---
type=AVC msg=audit(1570482971.642:136): avc:  denied  { read } for  pid=32885 comm="groupadd" path="pipe:[2889]" dev="pipefs" ino=2889 scontext=system_u:system_r:groupadd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=fifo_file permissive=0
---<-snip->---


Expected results:
No "avc:  denied" messages are expected.


Additional info:
Comment 1 PaulB 2019-10-09 12:50:23 UTC 
All,
Here is a reproducer:
distro: Fedora-31-20191005.n.0
kernel: 5.3.2-300.fc31.aarch64
selinux-policy: selinux-policy-3.14.4-35.fc31.noarch

https://beaker.engineering.redhat.com/jobs/3829400
http://beaker-archive.host.prod.eng.bos.redhat.com/beaker-logs/2019/10/38294/3829400/7444007/100470967/462192616/avc.log
---<-snip->---
type=AVC msg=audit(1570487176.575:146): avc:  denied  { read } for  pid=39718 comm="groupadd" path="pipe:[76914]" dev="pipefs" ino=76914 scontext=system_u:system_r:groupadd_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=fifo_file permissive=0
---<-snip->---

Best,
-pbunyan
Comment 2 Lukas Vrabec 2019-10-10 07:09:59 UTC 

*** This bug has been marked as a duplicate of bug 1754219 ***