Bug 1925472
| Summary: | AVC denial in multiple ipa-tests testsuite ran in FIPS mode | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Mohammad Rizwan <myusuf> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED DUPLICATE | QA Contact: | Milos Malik <mmalik> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.4 | CC: | abokovoy, lvrabec, mmalik, plautrba, rcritten, ssekidde, sumenon, tscherf |
| Target Milestone: | rc | ||
| Target Release: | 8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-02-05 19:16:29 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Moving to selinux-policy to investigate. # rpm -qf /usr/share/selinux/targeted/default/active/modules/100/rhsmcertd selinux-policy-targeted-3.14.3-62.el8.noarch This issue is already known as: * https://bugzilla.redhat.com/show_bug.cgi?id=1923985 Which means this bug is a duplicate. *** This bug has been marked as a duplicate of bug 1923985 *** |
Description of problem: AVC denial in multiple ipa-tests testsuite ran in FIPS mode. ipa-getcert and ipa-automember result are attached. Version-Release number of selected component (if applicable): rhel8.4 selinux-policy-3.14.3-62.el8.noarch ipa-selinux-4.9.1-1.module+el8.4.0+9665+c9815399.noarch How reproducible: always Steps to Reproduce: 1. run ipa-getcert or ipa-automember testsuite Actual results: AVC denial Expected results: no AVC denial Additional info: SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 33 selinux-policy-3.14.3-62.el8.noarch ---- time->Fri Feb 5 03:06:27 2021 type=PROCTITLE msg=audit(1612512387.256:1355): proctitle=2F7573722F6C6962657865632F706C6174666F726D2D707974686F6E002F7573722F6C6962657865632F7268736D63657274642D776F726B6572002D2D6175746F6865616C type=SOCKADDR msg=audit(1612512387.256:1355): saddr=0A000000000000000000000000000000000000000000000100000000 type=SYSCALL msg=audit(1612512387.256:1355): arch=c000003e syscall=49 success=no exit=-13 a0=7 a1=7ffee79e97d0 a2=1c a3=31 items=0 ppid=1091 pid=39659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rhsmcertd-worke" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:rhsmcertd_t:s0 key=(null) type=AVC msg=audit(1612512387.256:1355): avc: denied { node_bind } for pid=39659 comm="rhsmcertd-worke" saddr=::1 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=tcp_socket permissive=0