Bug 1734387 - sssd_be avc: denied { search }
Summary: sssd_be avc: denied { search }
Keywords:
Status: CLOSED DUPLICATE of bug 1734399
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: selinux-policy
Version: 8.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.0
Assignee: Lukas Vrabec
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-30 12:19 UTC by Steeve Goveas
Modified: 2019-08-22 16:21 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-07-30 13:02:55 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)

Description Steeve Goveas 2019-07-30 12:19:44 UTC
Steps to Reproduce:
http://ci-vm-10-0-148-68.hosted.upshift.rdu2.redhat.com/sssd-nightly-tier2/master/1/krb_minssf/restraint.01/

Actual results:

Expected results:
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      31
selinux-policy-3.14.3-12.el8.noarch
----
time->Tue Jul 30 06:20:23 2019
type=PROCTITLE msg=audit(1564482023.517:1770): proctitle=2F7573722F6C6962657865632F737373642F737373645F6265002D2D646F6D61696E004C4441502D4B524235002D2D7569640030002D2D6769640030002D2D6C6F676765723D66696C6573
type=SYSCALL msg=audit(1564482023.517:1770): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55eeb5136b90 a2=0 a3=0 items=0 ppid=28075 pid=28077 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sssd_be" exe="/usr/libexec/sssd/sssd_be" subj=system_u:system_r:sssd_t:s0 key=(null)
type=AVC msg=audit(1564482023.517:1770): avc:  denied  { search } for  pid=28077 comm="sssd_be" name="krb5" dev="vda1" ino=9186485 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:krb5_keytab_t:s0 tclass=dir permissive=0


Additional info:

Comment 1 Lukas Vrabec 2019-07-30 13:02:55 UTC

*** This bug has been marked as a duplicate of bug 1734399 ***


Note You need to log in before you can comment on or make changes to this bug.