Bug 2051852
| Summary: | avc: denied { unlink } for pid=49204 comm="systemd-user-ru" | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Frank Liang <xiliang> |
| Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 9.0 | CC: | linl, lvrabec, mmalik, ribarry, ssekidde, vkuznets, xuazhao, ymao |
| Target Milestone: | rc | Flags: | pm-rhel: mirror+ |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | No Doc Update |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-02-08 12:46:05 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

*** This bug has been marked as a duplicate of bug 2000039 ***

Created attachment 1859718
os_tests.tests.test_general_check.TestGeneralCheck.test_check_avclog.debug

Description of problem:
Found below denied logs from RHEL-9(RHEL-9.0.0-20220207.2) testing.

# ausearch -i -m AVC -ts today
----
type=PROCTITLE msg=audit(02/08/2022 03:30:57.045:1019) : proctitle=/usr/lib/systemd/systemd-user-runtime-dir stop 1000
type=SYSCALL msg=audit(02/08/2022 03:30:57.045:1019) : arch=x86_64 syscall=unlinkat success=no exit=EACCES(Permission denied) a0=0x3 a1=0x5651b16f7a43 a2=0x0 a3=0x9b items=0 ppid=1 pid=49204 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-user-ru exe=/usr/lib/systemd/systemd-user-runtime-dir subj=system_u:system_r:systemd_logind_t:s0 key=(null)
type=AVC msg=audit(02/08/2022 03:30:57.045:1019) : avc: denied { unlink } for pid=49204 comm=systemd-user-ru name=bus dev="tmpfs" ino=15 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0

INFO:Run on remote: rpm -qa selinux\* container\* | sort
INFO:CMD ret: 0 out:containernetworking-plugins-1.0.1-3.el9.x86_64
containers-common-1-13.el9.noarch
container-selinux-2.176.0-1.el9.noarch
selinux-policy-34.1.23-1.el9.noarch
selinux-policy-targeted-34.1.23-1.el9.noarch

RHEL Version:
RHEL-9.0(5.14.0-55.el9.x86_64)

How reproducible:
100%

Steps to Reproduce:
1. Start a RHEL-9 instance on AWS
2. Run 'ausearch -i -m AVC -ts today'

Actual results:
New deny log found

Expected results:
No avc deny log found by default

Additional info:
- N/A
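
A small triage helper for the interpreted `ausearch -i` output quoted in the report above, added here as an example and not part of the bug report or of selinux-policy: it reduces each AVC record to (source type, target type, class, permission) and counts only denials that were actually enforced. The function names and the third sample line are assumptions made for the illustration.

```python
import re
from collections import Counter

AVC_RE = re.compile(r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    """Return the type field of a user:role:type:level SELinux context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx

def parse_avc(line):
    """Parse one AVC record; return None for other record types or malformed lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m["rest"])}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "result": m["result"],
        "perms": m["perms"].split(),
        "source_type": context_type(fields["scontext"]),
        "target_type": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        # permissive=1 means the access was logged but not blocked
        "permissive": fields.get("permissive") == "1",
    }

def enforced_denials(text):
    """Count (source_type, target_type, tclass, perm) over denials that were blocked."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied" and not rec["permissive"]:
            for perm in rec["perms"]:
                counts[(rec["source_type"], rec["target_type"], rec["tclass"], perm)] += 1
    return counts

# The first two lines are from the report above; the third is constructed for illustration.
SAMPLE = """\
type=PROCTITLE msg=audit(02/08/2022 03:30:57.045:1019) : proctitle=/usr/lib/systemd/systemd-user-runtime-dir stop 1000
type=AVC msg=audit(02/08/2022 03:30:57.045:1019) : avc: denied { unlink } for pid=49204 comm=systemd-user-ru name=bus dev="tmpfs" ino=15 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0
type=AVC msg=audit(02/08/2022 03:31:00.000:1020) : avc: denied { read write } for pid=1 comm=example name=x dev="tmpfs" ino=1 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:example_tmp_t:s0 tclass=file permissive=1
"""

if __name__ == "__main__":
    for key, n in enforced_denials(SAMPLE).items():
        print(n, *key)
```

Reducing each record to this four-part key makes it straightforward to compare a new denial against ones already reported for the same policy version.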