Bug 1968371
| Summary: | denied { getattr } name="/" dev="proc" | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Marius Vollmer <mvollmer> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | medium | Priority: | medium |
| Version: | 8.5 | CC: | lvrabec, mmalik, mpitt, plautrba, ssekidde |
| Target Milestone: | beta | Keywords: | Triaged |
| Target Release: | 8.5 | Doc Type: | No Doc Update |
| Hardware: | Unspecified | OS: | Unspecified |
| Last Closed: | 2021-06-08 10:04:43 UTC | Type: | Bug |

Description
Marius Vollmer
2021-06-07 08:33:18 UTC
Example journal messages: https://logs.cockpit-project.org/logs/pull-2085-20210607-060805-cb5ba903-rhel-8-5-cockpit-project-cockpit-machines/TestMachinesConsoles-testExternalConsole-rhel-8-5-127.0.0.2-2201-FAIL.log.gz

It's not specific to sssd -- we also get e.g. these:

audit: type=1400 audit(1623048358.340:103): avc: denied { getattr } for pid=24798 comm="cockpit-session" name="/" dev="proc" ino=1 scontext=system_u:system_r:cockpit_session_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=0

audit: type=1400 audit(1623048358.463:105): avc: denied { getattr } for pid=24801 comm="unix_chkpwd" name="/" dev="proc" ino=1 scontext=system_u:system_r:chkpwd_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=0

I believe this bug is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1967125

Milos is right, will be allowed for all domains.

*** This bug has been marked as a duplicate of bug 1967125 ***
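
The triage reasoning in this report (the same denial appearing under several source domains points at one policy-wide rule rather than a per-service problem) can be checked mechanically. The following is an added example, not part of the original report or of selinux-policy: it parses the two AVC records quoted above and groups them by denied permission, target class, target type and device. The function names `parse_avc`, `selinux_type` and `group_denials` are hypothetical.

```python
import re
from collections import defaultdict

# The two AVC records quoted in this report, copied from the page.
SAMPLE = '''\
audit: type=1400 audit(1623048358.340:103): avc: denied { getattr } for pid=24798 comm="cockpit-session" name="/" dev="proc" ino=1 scontext=system_u:system_r:cockpit_session_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=0
audit: type=1400 audit(1623048358.463:105): avc: denied { getattr } for pid=24801 comm="unix_chkpwd" name="/" dev="proc" ino=1 scontext=system_u:system_r:chkpwd_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=0
'''

# "avc: denied { perm ... } for key=value key="quoted value" ..."
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial line as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = tuple(m.group('perms').split())
    return rec

def selinux_type(context):
    """Extract the type from a user:role:type:level security context."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else context

def group_denials(text):
    """Map (perms, tclass, target type, dev) to the sorted source domains denied it."""
    groups = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
            continue  # not an AVC denial, or a truncated record
        key = (rec['perms'], rec['tclass'],
               selinux_type(rec['tcontext']), rec.get('dev', ''))
        groups[key].add(selinux_type(rec['scontext']))
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == '__main__':
    for (perms, tclass, ttype, dev), domains in group_denials(SAMPLE).items():
        print(f"{{ {' '.join(perms)} }} on {ttype}:{tclass} (dev={dev}) "
              f"denied to {len(domains)} domains: {', '.join(domains)}")
```

Both records fall under a single key with two unrelated source domains, which matches the duplicate assessment in the comments.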