Hide Forgot
Description of problem: there si avc denial when running systemctl restart portreserve.service Version-Release number of selected component (if applicable): Red Hat Enterprise Linux Server release 7.0 Beta (Maipo) kernel-3.10.0-33.el7.x86_64 selinux-policy-3.12.1-95.el7.noarch systemd-207-4.el7.x86_64 portreserve-0.0.5-7.el7.x86_64 sssd-common-1.11.1-2.el7.x86_64 How reproducible: thatss strange. I can see the issue only once when running in the beaker. Its reproducible only if you clone the beaker job Steps to Reproduce: 1. systemctl restart portreserve.service Actual results: avc denial: https://beaker.engineering.redhat.com/recipes/1115587#task16987703 https://beaker.engineering.redhat.com/recipes/1115408#task16985824 ---- time->Mon Nov 4 11:48:36 2013 type=SYSCALL msg=audit(1383583716.655:1019): arch=c000003e syscall=42 success=no exit=-13 a0=4 a1=7fff86aac1c0 a2=6e a3=7fff86aabe90 items=0 ppid=1 pid=5187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="portreserve" exe="/usr/sbin/portreserve" subj=system_u:system_r:portreserve_t:s0 key=(null) type=AVC msg=audit(1383583716.655:1019): avc: denied { search } for pid=5187 comm="portreserve" name="sss" dev="dm-1" ino=135650791 scontext=system_u:system_r:portreserve_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir Expected results: no denial Additional info: /var/lib/sss is inod 135650791
Are you getting more AVC msgs in permissive mode if you re-test it?
There are no additional AVCs in permissive mode.
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.