Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1702170

Summary: AVC denials noticed during ipa-migration process
Product: Red Hat Enterprise Linux 7 Reporter: Nikhil Dehadrai <ndehadra>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED DUPLICATE QA Contact: Milos Malik <mmalik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.7CC: lvrabec, mmalik, plautrba, ssekidde, vmojzis, zpytela
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-23 08:49:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nikhil Dehadrai 2019-04-23 06:54:14 UTC 
Description of problem:
AVC denials noticed during ipa-migration process

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-243.el7.noarch


Steps to Reproduce:
1. Execute test suite foe IPA-migration (in my case RHEL 7.7 to RHE 8.0)


Actual results:
AVC denials are observed

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
selinux-policy-3.13.1-243.el7.noarch
----
time->Mon Apr 22 15:04:58 2019
type=PROCTITLE msg=audit(1555938298.797:438): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D636166696C65002F7661722F6C69622F6970612F746D705A69314E5032002D2D65652D75726C00687474703A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383038302F63612F65652F63612F002D
type=PATH msg=audit(1555938298.797:438): item=0 name="/etc/pki/nssdb/cert9.db" inode=67625268 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938298.797:438):  cwd="/"
type=SYSCALL msg=audit(1555938298.797:438): arch=c000003e syscall=137 success=no exit=-13 a0=555ea9c94f88 a1=7ffef33f0e20 a2=0 a3=7fc089fcc7b8 items=1 ppid=18309 pid=18516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938298.797:438): avc:  denied  { getattr } for  pid=18516 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:04:58 2019
type=PROCTITLE msg=audit(1555938298.834:439): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D636166696C65002F7661722F6C69622F6970612F746D705A69314E5032002D2D65652D75726C00687474703A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383038302F63612F65652F63612F002D
type=PATH msg=audit(1555938298.834:439): item=0 name="/etc/pki/nssdb/key4.db" inode=67625270 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938298.834:439):  cwd="/"
type=SYSCALL msg=audit(1555938298.834:439): arch=c000003e syscall=137 success=no exit=-13 a0=555ea9cb46f8 a1=7ffef33f0e20 a2=0 a3=0 items=1 ppid=18309 pid=18516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938298.834:439): avc:  denied  { getattr } for  pid=18516 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:05:47 2019
type=PROCTITLE msg=audit(1555938347.071:445): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938347.071:445): item=0 name="/etc/pki/nssdb/cert9.db" inode=67625268 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938347.071:445):  cwd="/"
type=SYSCALL msg=audit(1555938347.071:445): arch=c000003e syscall=137 success=no exit=-13 a0=55c12209fce8 a1=7ffd3a8d4620 a2=0 a3=7ff6147807b8 items=1 ppid=18309 pid=19390 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938347.071:445): avc:  denied  { getattr } for  pid=19390 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:05:47 2019
type=PROCTITLE msg=audit(1555938347.072:446): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938347.072:446): item=0 name="/etc/pki/nssdb/key4.db" inode=67625270 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938347.072:446):  cwd="/"
type=SYSCALL msg=audit(1555938347.072:446): arch=c000003e syscall=137 success=no exit=-13 a0=55c1220e0428 a1=7ffd3a8d4620 a2=0 a3=0 items=1 ppid=18309 pid=19390 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938347.072:446): avc:  denied  { getattr } for  pid=19390 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:05:47 2019
type=PROCTITLE msg=audit(1555938347.710:447): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938347.710:447): item=0 name="/etc/pki/nssdb/cert9.db" inode=67625268 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938347.710:447):  cwd="/"
type=SYSCALL msg=audit(1555938347.710:447): arch=c000003e syscall=137 success=no exit=-13 a0=560d7c03e738 a1=7ffc97d0e860 a2=0 a3=7f6e5be197b8 items=1 ppid=18309 pid=19407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938347.710:447): avc:  denied  { getattr } for  pid=19407 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:05:47 2019
type=PROCTITLE msg=audit(1555938347.710:448): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938347.710:448): item=0 name="/etc/pki/nssdb/key4.db" inode=67625270 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938347.710:448):  cwd="/"
type=SYSCALL msg=audit(1555938347.710:448): arch=c000003e syscall=137 success=no exit=-13 a0=560d7c03e768 a1=7ffc97d0e860 a2=0 a3=0 items=1 ppid=18309 pid=19407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938347.710:448): avc:  denied  { getattr } for  pid=19407 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:06:35 2019
type=PROCTITLE msg=audit(1555938395.174:463): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938395.174:463): item=0 name="/etc/pki/nssdb/cert9.db" inode=67625268 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938395.174:463):  cwd="/"
type=SYSCALL msg=audit(1555938395.174:463): arch=c000003e syscall=137 success=no exit=-13 a0=55f6e8c88ce8 a1=7ffecd57b4c0 a2=0 a3=7f932fc5d7b8 items=1 ppid=18309 pid=20112 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938395.174:463): avc:  denied  { getattr } for  pid=20112 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:06:35 2019
type=PROCTITLE msg=audit(1555938395.175:464): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938395.175:464): item=0 name="/etc/pki/nssdb/key4.db" inode=67625270 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938395.175:464):  cwd="/"
type=SYSCALL msg=audit(1555938395.175:464): arch=c000003e syscall=137 success=no exit=-13 a0=55f6e8cc9428 a1=7ffecd57b4c0 a2=0 a3=0 items=1 ppid=18309 pid=20112 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938395.175:464): avc:  denied  { getattr } for  pid=20112 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:06:35 2019
type=PROCTITLE msg=audit(1555938395.784:465): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938395.784:465): item=0 name="/etc/pki/nssdb/cert9.db" inode=67625268 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938395.784:465):  cwd="/"
type=SYSCALL msg=audit(1555938395.784:465): arch=c000003e syscall=137 success=no exit=-13 a0=55e40ebb27b8 a1=7ffdaf0bb630 a2=0 a3=7fd0055387b8 items=1 ppid=18309 pid=20128 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938395.784:465): avc:  denied  { getattr } for  pid=20128 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:06:35 2019
type=PROCTITLE msg=audit(1555938395.784:466): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938395.784:466): item=0 name="/etc/pki/nssdb/key4.db" inode=67625270 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938395.784:466):  cwd="/"
type=SYSCALL msg=audit(1555938395.784:466): arch=c000003e syscall=137 success=no exit=-13 a0=55e40ebf2f38 a1=7ffdaf0bb630 a2=0 a3=0 items=1 ppid=18309 pid=20128 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938395.784:466): avc:  denied  { getattr } for  pid=20128 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:06:45 2019
type=PROCTITLE msg=audit(1555938405.214:475): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938405.214:475): item=0 name="/etc/pki/nssdb/cert9.db" inode=67625268 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938405.214:475):  cwd="/"
type=SYSCALL msg=audit(1555938405.214:475): arch=c000003e syscall=137 success=no exit=-13 a0=560fe2901ce8 a1=7ffecb964120 a2=0 a3=7f13cfec77b8 items=1 ppid=18309 pid=20304 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938405.214:475): avc:  denied  { getattr } for  pid=20304 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:06:45 2019
type=PROCTITLE msg=audit(1555938405.215:476): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938405.215:476): item=0 name="/etc/pki/nssdb/key4.db" inode=67625270 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938405.215:476):  cwd="/"
type=SYSCALL msg=audit(1555938405.215:476): arch=c000003e syscall=137 success=no exit=-13 a0=560fe2942428 a1=7ffecb964120 a2=0 a3=0 items=1 ppid=18309 pid=20304 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938405.215:476): avc:  denied  { getattr } for  pid=20304 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:06:45 2019
type=PROCTITLE msg=audit(1555938405.742:477): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938405.742:477): item=0 name="/etc/pki/nssdb/cert9.db" inode=67625268 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938405.742:477):  cwd="/"
type=SYSCALL msg=audit(1555938405.742:477): arch=c000003e syscall=137 success=no exit=-13 a0=55b3f2344568 a1=7ffe508b1a10 a2=0 a3=7f8ff66567b8 items=1 ppid=18309 pid=20338 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938405.742:477): avc:  denied  { getattr } for  pid=20338 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Mon Apr 22 15:06:45 2019
type=PROCTITLE msg=audit(1555938405.742:478): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F69626D2D687332322D30342E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F72612D6167656E742E
type=PATH msg=audit(1555938405.742:478): item=0 name="/etc/pki/nssdb/key4.db" inode=67625270 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1555938405.742:478):  cwd="/"
type=SYSCALL msg=audit(1555938405.742:478): arch=c000003e syscall=137 success=no exit=-13 a0=55b3f2360688 a1=7ffe508b1a10 a2=0 a3=0 items=1 ppid=18309 pid=20338 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1555938405.742:478): avc:  denied  { getattr } for  pid=20338 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0



Expected results:
AVC denials should not be observed
Comment 3 Milos Malik 2019-04-23 06:59:27 UTC 
I believe this bug is a duplicate of BZ#1692564.
Comment 4 Lukas Vrabec 2019-04-23 08:49:49 UTC 

*** This bug has been marked as a duplicate of bug 1692564 ***