Bug 1654539 - SELinux prevents subscription manager from sending a D-bus message to puppet agent
Summary: SELinux prevents subscription manager from sending a D-bus message to puppet ...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
Version: 7.6
Hardware: Unspecified
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Lukas Vrabec
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-29 03:07 UTC by matt jia
Modified: 2019-02-28 19:09 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-02-28 19:09:21 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description matt jia 2018-11-29 03:07:06 UTC
Description of problem:

This seems like a regression of https://bugzilla.redhat.com/show_bug.cgi?id=1446777.


Version-Release number of selected component (if applicable):
subscription-manager-1.21.10-3.el7_6.x86_64 
selinux-policy-3.13.1-229.el7_6.5.noarch 

How reproducible:

Easy

Steps to Reproduce:
1. run subscription manager commands via puppet
2.
3.

Actual results:

type=USER_AVC msg=audit(1543208598.469:6064): pid=1000 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.2138 spid=2820 tpid=23716 scontext=system_u:system_r:rhsmcertd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:puppetagent_t:s0 tclass=dbus  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

Expected results:

no errors

Comment 2 Zdenek Pytela 2019-02-28 19:09:21 UTC
This issue was not selected to be included in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small number of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available.

We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise, we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.


Note You need to log in before you can comment on or make changes to this bug.