Bug 2282396
| Field | Value |
|---|---|
| Summary | Installing a package triggers systemd and selinux generators which causes AVC errors |
| Product | [Fedora] Fedora |
| Component | selinux-policy |
| Version | rawhide |
| Status | CLOSED DUPLICATE |
| Severity | medium |
| Priority | unspecified |
| Hardware | Unspecified |
| OS | Linux |
| Reporter | Tomáš Hozza <thozza> |
| Assignee | Zdenek Pytela <zpytela> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | dwalsh, lvrabec, mmalik, omosnacek, pkoncity, vmojzis, zpytela |
| Doc Type | If docs needed, set a value |
| Last Closed | 2024-05-22 13:59:18 UTC |

*** This bug has been marked as a duplicate of bug 2280935 ***

I'm observing AVCs when installing the osbuild-ostree package as part of the Fedora installability test:

----
type=AVC msg=audit(05/22/2024 08:40:57.441:687) : avc: denied { map_read map_write } for pid=4024 comm=selinux-autorel scontext=system_u:system_r:selinux_autorelabel_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
----
type=AVC msg=audit(05/22/2024 08:40:57.447:688) : avc: denied { map_read map_write } for pid=4028 comm=systemd-fstab-g scontext=system_u:system_r:systemd_fstab_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
----
type=AVC msg=audit(05/22/2024 08:40:57.457:689) : avc: denied { map_read map_write } for pid=4030 comm=systemd-gpt-aut scontext=system_u:system_r:systemd_gpt_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
----
type=AVC msg=audit(05/22/2024 08:40:57.459:690) : avc: denied { map_read map_write } for pid=4033 comm=systemd-rc-loca scontext=system_u:system_r:systemd_rc_local_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
----
type=AVC msg=audit(05/22/2024 08:40:57.475:691) : avc: denied { map_read map_write } for pid=4038 comm=systemd-sysv-ge scontext=system_u:system_r:systemd_sysv_generator_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=bpf permissive=0
----
type=AVC msg=audit(05/22/2024 08:40:57.511:692) : avc: denied { read } for pid=4035 comm=systemd-ssh-gen name=vsock dev="devtmpfs" ino=386 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:vsock_device_t:s0 tclass=chr_file permissive=0

No AVCs are observed with the same package on older Fedora releases.

https://src.fedoraproject.org/rpms/osbuild/pull-request/281
https://artifacts.dev.testing-farm.io/dbe11dc8-4386-4c99-8d28-7bde961fc22a/

Reproducible: Always