Bug 2141311

Summary: Additional AVC denials for insights-client in RHEL 8.7
Product: Red Hat Enterprise Linux 8
Reporter: Sam Morris <sam>
Component: selinux-policy
Assignee: Zdenek Pytela <zpytela>
Status: CLOSED ERRATA
QA Contact: Milos Malik <mmalik>
Severity: medium
Docs Contact: Mirek Jahoda <mjahoda>
Priority: medium
Version: 8.7
CC: ahitacat, cmarinea, fjansen, jafiala, kyoneyam, lvrabec, mmalik, nknazeko, pakotvan, shivagup, stomsa, thomas.rumbaut
Target Milestone: rc
Keywords: Triaged
Target Release: 8.8
Hardware: Unspecified
OS: Linux
Fixed In Version: selinux-policy-3.14.3-114.el8
Doc Type: No Doc Update
Last Closed: 2023-05-16 09:04:17 UTC
Type: Bug

Description Sam Morris 2022-11-09 13:33:27 UTC
Description of problem:
In RHEL 8.7 I'm seeing some AVC denials from insights-client - I guess a few more things need to be added to SELinux policy.

Version-Release number of selected component (if applicable):
insights-client-3.1.7-8.el8.noarch
selinux-policy-3.14.3-108.el8.noarch

How reproducible:
Always

Steps to Reproduce:
1. Register insights-client
2. systemctl start insights-client --wait
3. Check audit logs with 'ausearch -i -m avc -ts today -se insights_client_t'

Actual results:

On one system:

----
type=PROCTITLE msg=audit(09/11/22 01:25:05.541:450514) : proctitle=/usr/libexec/platform-python -Es /sbin/semanage login -l 
type=SYSCALL msg=audit(09/11/22 01:25:05.541:450514) : arch=x86_64 syscall=socket success=no exit=EACCES(Permission denied) a0=netlink a1=SOCK_RAW a2=igp a3=0x7f33f7e289f8 items=0 ppid=321787 pid=321788 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=semanage exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 01:25:05.541:450514) : avc:  denied  { create } for  pid=321788 comm=semanage scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:system_r:insights_client_t:s0 tclass=netlink_audit_socket permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 01:25:05.622:450515) : proctitle=/usr/libexec/platform-python -Es /sbin/semanage login -l 
type=SYSCALL msg=audit(09/11/22 01:25:05.622:450515) : arch=x86_64 syscall=access success=no exit=EACCES(Permission denied) a0=0x5617a87095b0 a1=X_OK|W_OK|R_OK a2=0x0 a3=0x0 items=0 ppid=321787 pid=321788 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=semanage exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 01:25:05.622:450515) : avc:  denied  { write } for  pid=321788 comm=semanage name=modules dev="dm-0" ino=34847828 scontext=system_u:system_r:insights_client_t:s0 tcontext=unconfined_u:object_r:semanage_store_t:s0 tclass=dir permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 01:25:05.622:450516) : proctitle=/usr/libexec/platform-python -Es /sbin/semanage login -l 
type=SYSCALL msg=audit(09/11/22 01:25:05.622:450516) : arch=x86_64 syscall=access success=no exit=EACCES(Permission denied) a0=0x5617a87095b0 a1=X_OK|W_OK|R_OK a2=0x0 a3=0x100 items=0 ppid=321787 pid=321788 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=semanage exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 01:25:05.622:450516) : avc:  denied  { write } for  pid=321788 comm=semanage name=modules dev="dm-0" ino=34847828 scontext=system_u:system_r:insights_client_t:s0 tcontext=unconfined_u:object_r:semanage_store_t:s0 tclass=dir permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 01:25:08.140:450524) : proctitle=/usr/libexec/platform-python /usr/bin/vdo status 
type=SYSCALL msg=audit(09/11/22 01:25:08.140:450524) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f40af78df80 a2=O_RDWR|O_CLOEXEC a3=0x0 items=0 ppid=321795 pid=321796 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=vdo exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 01:25:08.140:450524) : avc:  denied  { write } for  pid=321796 comm=vdo name=_etc_vdoconf.yml.lock dev="tmpfs" ino=24856 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 01:25:17.534:450531) : proctitle=/usr/bin/ipcs -s -i 2 
type=SYSCALL msg=audit(09/11/22 01:25:17.534:450531) : arch=x86_64 syscall=semctl success=no exit=EACCES(Permission denied) a0=0x2 a1=0x0 a2=0xc a3=0x0 items=0 ppid=321982 pid=321983 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ipcs exe=/usr/bin/ipcs subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 01:25:17.534:450531) : avc:  denied  { unix_read } for  pid=321983 comm=ipcs key=\020q  scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=sem permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 01:25:17.949:450533) : proctitle=/usr/bin/ipcs -s -i 3 
type=SYSCALL msg=audit(09/11/22 01:25:17.949:450533) : arch=x86_64 syscall=semctl success=no exit=EACCES(Permission denied) a0=0x3 a1=0x0 a2=0xc a3=0x0 items=0 ppid=322001 pid=322002 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ipcs exe=/usr/bin/ipcs subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 01:25:17.949:450533) : avc:  denied  { unix_read } for  pid=322002 comm=ipcs key=\020q  scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=sem permissive=0 

On another system:

----
type=PROCTITLE msg=audit(09/11/22 03:53:37.271:8508) : proctitle=find /etc /opt -name *.conf 
type=SYSCALL msg=audit(09/11/22 03:53:37.271:8508) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=0x7 a1=0x564548486d98 a2=O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=0 ppid=663611 pid=663628 auid=unset uid=hitron-exporter gid=hitron-exporter euid=hitron-exporter suid=hitron-exporter fsuid=hitron-exporter egid=hitron-exporter sgid=hitron-exporter fsgid=hitron-exporter tty=(none) ses=unset comm=find exe=/usr/bin/find subj=system_u:system_r:container_t:s0:c478,c660 key=(null) 
type=AVC msg=audit(09/11/22 03:53:37.271:8508) : avc:  denied  { read } for  pid=663628 comm=find name=nssdb dev="dm-0" ino=33983018 scontext=system_u:system_r:container_t:s0:c478,c660 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:55:33.885:8535) : proctitle=/usr/bin/ipcs -s -i 3 
type=SYSCALL msg=audit(09/11/22 03:55:33.885:8535) : arch=x86_64 syscall=semctl success=no exit=EACCES(Permission denied) a0=0x3 a1=0x0 a2=0xc a3=0x0 items=0 ppid=665316 pid=665317 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ipcs exe=/usr/bin/ipcs subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:55:33.885:8535) : avc:  denied  { unix_read } for  pid=665317 comm=ipcs ipc_key=1071980  scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=sem permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:55:33.978:8536) : proctitle=/usr/bin/ipcs -s -i 2 
type=SYSCALL msg=audit(09/11/22 03:55:33.978:8536) : arch=x86_64 syscall=semctl success=no exit=EACCES(Permission denied) a0=0x2 a1=0x0 a2=0xc a3=0x0 items=0 ppid=665319 pid=665321 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ipcs exe=/usr/bin/ipcs subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:55:33.978:8536) : avc:  denied  { unix_read } for  pid=665321 comm=ipcs ipc_key=1071979  scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=sem permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:55:41.686:8541) : proctitle=/usr/bin/luksmeta show -d /dev/disk/by-uuid/xxxxx 
type=SYSCALL msg=audit(09/11/22 03:55:41.686:8541) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f7aa63614e7 a2=O_RDONLY|O_NONBLOCK|O_CLOEXEC a3=0x0 items=0 ppid=665965 pid=665966 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=luksmeta exe=/usr/bin/luksmeta subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:55:41.686:8541) : avc:  denied  { read } for  pid=665966 comm=luksmeta name=random dev="devtmpfs" ino=34 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:55:41.785:8542) : proctitle=/usr/bin/luksmeta show -d /dev/disk/by-uuid/yyyyy 
type=SYSCALL msg=audit(09/11/22 03:55:41.785:8542) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f62595514e7 a2=O_RDONLY|O_NONBLOCK|O_CLOEXEC a3=0x0 items=0 ppid=665972 pid=665973 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=luksmeta exe=/usr/bin/luksmeta subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:55:41.785:8542) : avc:  denied  { read } for  pid=665973 comm=luksmeta name=random dev="devtmpfs" ino=34 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:55:41.883:8543) : proctitle=/usr/bin/luksmeta show -d /dev/disk/by-uuid/zzzzz 
type=SYSCALL msg=audit(09/11/22 03:55:41.883:8543) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7fad059c14e7 a2=O_RDONLY|O_NONBLOCK|O_CLOEXEC a3=0x0 items=0 ppid=665980 pid=665981 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=luksmeta exe=/usr/bin/luksmeta subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:55:41.883:8543) : avc:  denied  { read } for  pid=665981 comm=luksmeta name=random dev="devtmpfs" ino=34 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:55:41.986:8544) : proctitle=/usr/bin/luksmeta show -d /dev/disk/by-uuid/aaaaa 
type=SYSCALL msg=audit(09/11/22 03:55:41.986:8544) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f93a0c114e7 a2=O_RDONLY|O_NONBLOCK|O_CLOEXEC a3=0x0 items=0 ppid=665984 pid=665987 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=luksmeta exe=/usr/bin/luksmeta subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:55:41.986:8544) : avc:  denied  { read } for  pid=665987 comm=luksmeta name=random dev="devtmpfs" ino=34 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:56:17.065:8551) : proctitle=/usr/libexec/platform-python -Es /sbin/semanage login -l 
type=SYSCALL msg=audit(09/11/22 03:56:17.065:8551) : arch=x86_64 syscall=socket success=no exit=EACCES(Permission denied) a0=netlink a1=SOCK_RAW a2=igp a3=0x7f243224f408 items=0 ppid=666374 pid=666375 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=semanage exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:56:17.065:8551) : avc:  denied  { create } for  pid=666375 comm=semanage scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:system_r:insights_client_t:s0 tclass=netlink_audit_socket permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:56:17.081:8552) : proctitle=/usr/libexec/platform-python -Es /sbin/semanage login -l 
type=SYSCALL msg=audit(09/11/22 03:56:17.081:8552) : arch=x86_64 syscall=access success=no exit=EACCES(Permission denied) a0=0x55eaf6276420 a1=X_OK|W_OK|R_OK a2=0x0 a3=0x0 items=0 ppid=666374 pid=666375 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=semanage exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:56:17.081:8552) : avc:  denied  { write } for  pid=666375 comm=semanage name=modules dev="dm-0" ino=17493966 scontext=system_u:system_r:insights_client_t:s0 tcontext=unconfined_u:object_r:semanage_store_t:s0 tclass=dir permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:56:17.081:8553) : proctitle=/usr/libexec/platform-python -Es /sbin/semanage login -l 
type=SYSCALL msg=audit(09/11/22 03:56:17.081:8553) : arch=x86_64 syscall=access success=no exit=EACCES(Permission denied) a0=0x55eaf6276420 a1=X_OK|W_OK|R_OK a2=0x0 a3=0x100 items=0 ppid=666374 pid=666375 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=semanage exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:56:17.081:8553) : avc:  denied  { write } for  pid=666375 comm=semanage name=modules dev="dm-0" ino=17493966 scontext=system_u:system_r:insights_client_t:s0 tcontext=unconfined_u:object_r:semanage_store_t:s0 tclass=dir permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:56:21.781:8555) : proctitle=/usr/libexec/platform-python /usr/bin/vdo status 
type=SYSCALL msg=audit(09/11/22 03:56:21.781:8555) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f15e560d3f8 a2=O_RDWR|O_CLOEXEC a3=0x0 items=0 ppid=666407 pid=666408 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=vdo exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:56:21.781:8555) : avc:  denied  { write } for  pid=666408 comm=vdo name=_etc_vdoconf.yml.lock dev="tmpfs" ino=33443 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:56:48.201:8566) : proctitle=/usr/sbin/gluster volume info 
type=SYSCALL msg=audit(09/11/22 03:56:48.201:8566) : arch=x86_64 syscall=access success=no exit=EACCES(Permission denied) a0=0x7feb9fc4c504 a1=R_OK a2=0x55b9e9a6ca20 a3=0x0 items=0 ppid=667221 pid=667222 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gluster exe=/usr/sbin/gluster subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:56:48.201:8566) : avc:  denied  { read } for  pid=667222 comm=gluster name=random dev="devtmpfs" ino=34 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:56:48.257:8567) : proctitle=/usr/sbin/gluster volume info 
type=PATH msg=audit(09/11/22 03:56:48.257:8567) : item=0 name=/var/log/glusterfs/cli.log inode=1937512 dev=fd:00 mode=file,600 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_log_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=CWD msg=audit(09/11/22 03:56:48.257:8567) : cwd=/ 
type=SYSCALL msg=audit(09/11/22 03:56:48.257:8567) : arch=x86_64 syscall=openat success=yes exit=5 a0=AT_FDCWD a1=0x55b9e88940a5 a2=O_WRONLY|O_CREAT|O_APPEND a3=0x180 items=1 ppid=667221 pid=667222 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gluster exe=/usr/sbin/gluster subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:56:48.257:8567) : avc:  denied  { create } for  pid=667222 comm=gluster name=cli.log scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0 
Expected results:
No output

Additional info:

Comment 1 Zdenek Pytela 2022-11-11 08:53:02 UTC
Some denials have already been addressed.

These will be assessed further:
 
----
type=PROCTITLE msg=audit(09/11/22 03:56:17.081:8552) : proctitle=/usr/libexec/platform-python -Es /sbin/semanage login -l 
type=SYSCALL msg=audit(09/11/22 03:56:17.081:8552) : arch=x86_64 syscall=access success=no exit=EACCES(Permission denied) a0=0x55eaf6276420 a1=X_OK|W_OK|R_OK a2=0x0 a3=0x0 items=0 ppid=666374 pid=666375 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=semanage exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:56:17.081:8552) : avc:  denied  { write } for  pid=666375 comm=semanage name=modules dev="dm-0" ino=17493966 scontext=system_u:system_r:insights_client_t:s0 tcontext=unconfined_u:object_r:semanage_store_t:s0 tclass=dir permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:56:21.781:8555) : proctitle=/usr/libexec/platform-python /usr/bin/vdo status 
type=SYSCALL msg=audit(09/11/22 03:56:21.781:8555) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f15e560d3f8 a2=O_RDWR|O_CLOEXEC a3=0x0 items=0 ppid=666407 pid=666408 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=vdo exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:56:21.781:8555) : avc:  denied  { write } for  pid=666408 comm=vdo name=_etc_vdoconf.yml.lock dev="tmpfs" ino=33443 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:56:48.257:8567) : proctitle=/usr/sbin/gluster volume info 
type=PATH msg=audit(09/11/22 03:56:48.257:8567) : item=0 name=/var/log/glusterfs/cli.log inode=1937512 dev=fd:00 mode=file,600 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_log_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=CWD msg=audit(09/11/22 03:56:48.257:8567) : cwd=/ 
type=SYSCALL msg=audit(09/11/22 03:56:48.257:8567) : arch=x86_64 syscall=openat success=yes exit=5 a0=AT_FDCWD a1=0x55b9e88940a5 a2=O_WRONLY|O_CREAT|O_APPEND a3=0x180 items=1 ppid=667221 pid=667222 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=gluster exe=/usr/sbin/gluster subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:56:48.257:8567) : avc:  denied  { create } for  pid=667222 comm=gluster name=cli.log scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0 
----

For these, additional data are needed:
----
type=PROCTITLE msg=audit(09/11/22 03:53:37.271:8508) : proctitle=find /etc /opt -name *.conf 
type=SYSCALL msg=audit(09/11/22 03:53:37.271:8508) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=0x7 a1=0x564548486d98 a2=O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC a3=0x0 items=0 ppid=663611 pid=663628 auid=unset uid=hitron-exporter gid=hitron-exporter euid=hitron-exporter suid=hitron-exporter fsuid=hitron-exporter egid=hitron-exporter sgid=hitron-exporter fsgid=hitron-exporter tty=(none) ses=unset comm=find exe=/usr/bin/find subj=system_u:system_r:container_t:s0:c478,c660 key=(null) 
type=AVC msg=audit(09/11/22 03:53:37.271:8508) : avc:  denied  { read } for  pid=663628 comm=find name=nssdb dev="dm-0" ino=33983018 scontext=system_u:system_r:container_t:s0:c478,c660 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=0 
----
type=PROCTITLE msg=audit(09/11/22 03:55:33.885:8535) : proctitle=/usr/bin/ipcs -s -i 3 
type=SYSCALL msg=audit(09/11/22 03:55:33.885:8535) : arch=x86_64 syscall=semctl success=no exit=EACCES(Permission denied) a0=0x3 a1=0x0 a2=0xc a3=0x0 items=0 ppid=665316 pid=665317 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ipcs exe=/usr/bin/ipcs subj=system_u:system_r:insights_client_t:s0 key=(null) 
type=AVC msg=audit(09/11/22 03:55:33.885:8535) : avc:  denied  { unix_read } for  pid=665317 comm=ipcs ipc_key=1071980  scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=sem permissive=0 
----

Comment 2 Sam Morris 2022-11-11 09:23:46 UTC
Thanks for taking a look.

> find /etc /opt -name *.conf

Actually, looking at what I provided, I don't see insights_client_t in the AVC information. I'm not sure how it got in there given my ausearch command. This is probably my error in copying the logs from the other system, sorry about that. Let's ignore this one unless you recognize the "find /etc /opt -name *.conf" command as being something that insights-client tries to run?

> /usr/bin/ipcs -s -i 3 

If I understand correctly, insights-client is displaying information about SysV semaphore array id 3.

# ipcs -s -i 3

Semaphore Array semid=3
uid=0    gid=0   cuid=0  cgid=0
mode=0666, access_perms=0666
nsems = 2
otime = Fri Nov 11 09:16:10 2022  
ctime = Tue Nov  8 11:49:00 2022  
semnum     value      ncount     zcount     pid       
0          99         0          0          2458542   
1          1          0          0          976       

[root@xoanon raddb]# ps 2458542 976
    PID TTY      STAT   TIME COMMAND
    976 ?        S<     2:03 /usr/sbin/atopacctd
2458542 ?        S<Ls   0:11 /usr/bin/atop -w /var/log/atop/atop_20221111 600

So these are owned by atop, which isn't a part of RHEL.

I guess the question is: should insights_client_t be able to poke around inside unconfined_t? If not, should there be some dontaudit rules to prevent it from cluttering up the logs?

Comment 3 Zdenek Pytela 2022-11-11 09:53:45 UTC
(In reply to Sam Morris from comment #2)
> > find /etc /opt -name *.conf
> 
> Actually, looking at what I provided, I don't see insights_client_t in the AVC
> information. I'm not sure how it got in there given my ausearch command.
> This is probably my error in copying the logs from the other system, sorry
> about that. Let's ignore this one unless you recognize the "find /etc /opt
> -name *.conf" command as being something that insights-client tries to run?
I really don't know, but containers are not allowed to access data outside in general. Maybe the uid=hitron-exporter entry can work as a hint.

> > /usr/bin/ipcs -s -i 3 
> 
> If I understand correctly, insights-client is displaying information about
> SysV semaphore array id 3.
> 
> # ipcs -s -i 3
> 
> Semaphore Array semid=3
> uid=0    gid=0   cuid=0  cgid=0
> mode=0666, access_perms=0666
> nsems = 2
> otime = Fri Nov 11 09:16:10 2022  
> ctime = Tue Nov  8 11:49:00 2022  
> semnum     value      ncount     zcount     pid       
> 0          99         0          0          2458542   
> 1          1          0          0          976       
> 
> [root@xoanon raddb]# ps 2458542 976
>     PID TTY      STAT   TIME COMMAND
>     976 ?        S<     2:03 /usr/sbin/atopacctd
> 2458542 ?        S<Ls   0:11 /usr/bin/atop -w /var/log/atop/atop_20221111 600
> 
> So these are owned by atop, which isn't a part of RHEL.
> 
> I guess the question is: should insights_client_t be able to poke around
> inside unconfined_t? If not, should there be some dontaudit rules to prevent
> it from cluttering up the logs?
Correct, and the question is also a good one; just note it is unconfined_service_t, i.e. a process/service started by systemd.
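
The triage done in comment 1 (sorting the reporter's AVC records into ones to allow, ones to silence, and ones that belong to a different domain entirely) and the allow-versus-dontaudit question raised in comments 2 and 3 can be worked through on the records themselves. The script below is an added example and is not part of this bug, of insights-client or of selinux-policy: it parses `ausearch -i` output, flags records whose source type is not insights_client_t (the container_t `find` line that slipped into the listing), collapses the remaining denials by target type and object class, and drafts candidate `allow`/`dontaudit` text in reference-policy syntax for a maintainer to review. The sample records are constructed to match the shape of the ones pasted above; in practice `audit2allow` performs the drafting step, and which denials the errata actually allowed or silenced is not shown on this page.

```python
"""Triage `ausearch -i -m avc` output the way a policy maintainer does:
group denials by (source type, target type, class, permission), flag records
that do not belong to the domain under review, and draft candidate rule text.
Added example; not insights-client or selinux-policy code."""
import re
from collections import defaultdict

# Constructed sample records in the shape of the report's ausearch -i output
# (records separated by "----"; only PROCTITLE and AVC lines are kept here).
SAMPLE = """----
type=PROCTITLE msg=audit(09/11/22 01:25:05.622:450515) : proctitle=/usr/libexec/platform-python -Es /sbin/semanage login -l
type=AVC msg=audit(09/11/22 01:25:05.622:450515) : avc:  denied  { write } for  pid=321788 comm=semanage name=modules dev="dm-0" ino=34847828 scontext=system_u:system_r:insights_client_t:s0 tcontext=unconfined_u:object_r:semanage_store_t:s0 tclass=dir permissive=0
----
type=PROCTITLE msg=audit(09/11/22 03:55:33.885:8535) : proctitle=/usr/bin/ipcs -s -i 3
type=AVC msg=audit(09/11/22 03:55:33.885:8535) : avc:  denied  { unix_read } for  pid=665317 comm=ipcs ipc_key=1071980  scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=sem permissive=0
----
type=PROCTITLE msg=audit(09/11/22 03:53:37.271:8508) : proctitle=find /etc /opt -name *.conf
type=AVC msg=audit(09/11/22 03:53:37.271:8508) : avc:  denied  { read } for  pid=663628 comm=find name=nssdb dev="dm-0" ino=33983018 scontext=system_u:system_r:container_t:s0:c478,c660 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=0
----
type=PROCTITLE msg=audit(09/11/22 03:55:41.686:8541) : proctitle=/usr/bin/luksmeta show -d /dev/disk/by-uuid/xxxxx
type=AVC msg=audit(09/11/22 03:55:41.686:8541) : avc:  denied  { read } for  pid=665966 comm=luksmeta name=random dev="devtmpfs" ino=34 scontext=system_u:system_r:insights_client_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file permissive=0
"""

# "avc:  denied  { write } for  pid=... comm=... scontext=... tcontext=... tclass=..."
AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
# key=value pairs; values may be quoted (dev="dm-0") or bare (key=\020q).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _type_of(ctx):
    """user:role:type[:range] -> type; the MCS range (s0:c478,c660) sits after the type."""
    return ctx.split(":")[2]


def parse_avcs(text):
    """One dict per AVC line: result, perms (set), stype, ttype, tclass, comm, raw fields."""
    records = []
    for line in text.splitlines():
        if "type=AVC" not in line:
            continue
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
        records.append({
            "result": m.group(1),
            "perms": set(m.group(2).split()),
            "stype": _type_of(fields["scontext"]),
            "ttype": _type_of(fields["tcontext"]),
            "tclass": fields["tclass"],
            "comm": fields.get("comm", "?"),
            "fields": fields,
        })
    return records


def foreign_domains(records, domain):
    """Records whose source type is not the domain under review, e.g. a container_t
    line that ended up in a listing filtered for insights_client_t."""
    return [r for r in records if r["stype"] != domain]


def summarize(records, domain):
    """Collapse denials for `domain` into (ttype, tclass) -> {perms, comms}."""
    summary = defaultdict(lambda: {"perms": set(), "comms": set()})
    for r in records:
        if r["stype"] != domain or r["result"] != "denied":
            continue
        entry = summary[(r["ttype"], r["tclass"])]
        entry["perms"] |= r["perms"]
        entry["comms"].add(r["comm"])
    return dict(summary)


def draft_te(domain, summary, dontaudit=()):
    """Draft reference-policy TE text for human review. (ttype, tclass) pairs in
    `dontaudit` get dontaudit rules (silence the log), all others get allow.
    Whether a denial should be allowed, silenced or left alone is the maintainer's
    decision; this only writes the candidate text, much as audit2allow would."""
    types = {domain} | {t for t, _ in summary}
    classes = defaultdict(set)
    for (_, tclass), e in summary.items():
        classes[tclass] |= e["perms"]
    lines = ["require {"]
    lines += [f"\ttype {t};" for t in sorted(types)]
    lines += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    lines.append("}")
    for (ttype, tclass), e in sorted(summary.items()):
        verb = "dontaudit" if (ttype, tclass) in dontaudit else "allow"
        lines.append(f"# seen from: {', '.join(sorted(e['comms']))}")
        lines.append(f"{verb} {domain} {ttype}:{tclass} {{ {' '.join(sorted(e['perms']))} }};")
    return "\n".join(lines)


if __name__ == "__main__":
    recs = parse_avcs(SAMPLE)
    for r in foreign_domains(recs, "insights_client_t"):
        print(f"not insights_client_t: comm={r['comm']} scontext={r['fields']['scontext']}")
    s = summarize(recs, "insights_client_t")
    # Treat the sem/unconfined_service_t denial as log noise, everything else as a candidate allow.
    print(draft_te("insights_client_t", s, dontaudit={("unconfined_service_t", "sem")}))
```

Feed real data with `ausearch -i -m avc -ts today -se insights_client_t` piped into `parse_avcs`; the `foreign_domains` check is what would have caught the container_t record before it was pasted into the report. The drafted text is a starting point for review, not something to load into a running system unread.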

Comment 4 Sam Morris 2022-11-11 09:58:59 UTC
> find /etc /opt -name *.conf

Looks like this could have come from https://github.com/RedHatInsights/insights-core/blob/b74fbdb7da4d937ae7e51e02afae9a64de975981/insights/specs/datasources/container/nginx_conf.py#L14 - but I don't understand why the scontext is container_t if it's being run by insights-client...

Comment 5 Sam Morris 2022-11-11 10:27:56 UTC
Oh I see - it's running 'find /etc /opt -name *.conf' in all containers in order to search for containers that look like they're running nginx. On the one hand, insights-client's behaviour of executing commands inside all running containers on the system is a bit unexpected... on the other I guess I can say that it has revealed this problem to me. :)

The AVC denial is happening because I bind mount /etc/ipa into the container. My own code never touches /etc/ipa/nssdb, so I never triggered this denial before. I've given this some thought and I think this is a bug in FreeIPA or the SELinux policy. I'm taking this to <>, so we can ignore this particular denial.

Comment 20 errata-xmlrpc 2023-05-16 09:04:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (selinux-policy bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2965