Hide Forgot
http://ci-vm-10-0-148-68.hosted.upshift.rdu2.redhat.com/sssd-nightly-tier2/master/1/ldap_krb5/restraint.01/ SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 31 selinux-policy-3.14.3-12.el8.noarch ---- time->Tue Jul 30 06:20:25 2019 type=PROCTITLE msg=audit(1564482025.406:1780): proctitle=2F7573722F6C6962657865632F706C6174666F726D2D707974686F6E002D75002F7573722F62696E2F616272742D616374696F6E2D696E7374616C6C2D6465627567696E666F002D79002D76 type=SYSCALL msg=audit(1564482025.406:1780): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55cddcde3120 a2=0 a3=0 items=0 ppid=26222 pid=26246 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-action-ins" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1564482025.406:1780): avc: denied { read } for pid=26246 comm="abrt-action-ins" name="satellite-5-client.module" dev="vda1" ino=8409219 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=file permissive=0 ---- time->Tue Jul 30 06:20:25 2019 type=PROCTITLE msg=audit(1564482025.406:1781): proctitle=2F7573722F6C6962657865632F706C6174666F726D2D707974686F6E002D75002F7573722F62696E2F616272742D616374696F6E2D696E7374616C6C2D6465627567696E666F002D79002D76 type=SYSCALL msg=audit(1564482025.406:1781): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55cddcde9750 a2=0 a3=0 items=0 ppid=26222 pid=26246 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-action-ins" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1564482025.406:1781): avc: denied { read } for pid=26246 comm="abrt-action-ins" name="virt.module" dev="vda1" ino=8409220 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=file permissive=0 ---- time->Tue Jul 30 06:20:32 2019 type=PROCTITLE msg=audit(1564482032.607:1783): proctitle=2F7573722F6C6962657865632F737373642F737373645F6265002D2D646F6D61696E004144002D2D7569640030002D2D6769640030002D2D6C6F676765723D66696C6573 type=SYSCALL msg=audit(1564482032.607:1783): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5619e9480e00 a2=0 a3=0 items=0 ppid=26276 pid=26284 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sssd_be" exe="/usr/libexec/sssd/sssd_be" subj=system_u:system_r:sssd_t:s0 key=(null) type=AVC msg=audit(1564482032.607:1783): avc: denied { search } for pid=26284 comm="sssd_be" name="krb5" dev="vda1" ino=9186485 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:krb5_keytab_t:s0 tclass=dir permissive=0 ---- time->Tue Jul 30 06:21:03 2019 type=PROCTITLE msg=audit(1564482063.872:1822): proctitle=2F7573722F6C6962657865632F737373642F737373645F6265002D2D646F6D61696E004144002D2D7569640030002D2D6769640030002D2D6C6F676765723D66696C6573 type=SYSCALL msg=audit(1564482063.872:1822): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=55857b5d4570 a2=0 a3=0 items=0 ppid=26612 pid=26614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sssd_be" exe="/usr/libexec/sssd/sssd_be" subj=system_u:system_r:sssd_t:s0 key=(null) type=AVC msg=audit(1564482063.872:1822): avc: denied { search } for pid=26614 comm="sssd_be" name="krb5" dev="vda1" ino=9186485 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:krb5_keytab_t:s0 tclass=dir permissive=0
*** This bug has been marked as a duplicate of bug 1734399 ***
Please ignore the last 2 SELinux denials in comment#0. This bug is about SELinux interfering with abrt-action-ins... SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 31 selinux-policy-3.14.3-13.el8.noarch ---- time->Tue Aug 6 20:30:13 2019 type=PROCTITLE msg=audit(1565137813.164:811): proctitle=2F7573722F6C6962657865632F706C6174666F726D2D707974686F6E002D75002F7573722F62696E2F616272742D616374696F6E2D696E7374616C6C2D6465627567696E666F002D79 type=PATH msg=audit(1565137813.164:811): item=0 name="/etc/dnf/modules.d/satellite-5-client.module" inode=135 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1565137813.164:811): cwd="/var/spool/abrt/ccpp-2019-08-06-20:30:10.357071-18035" type=SYSCALL msg=audit(1565137813.164:811): arch=c00000b7 syscall=56 success=no exit=-13 a0=ffffffffffffff9c a1=aaaae6eac790 a2=0 a3=0 items=1 ppid=19181 pid=19202 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrt-action-ins" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1565137813.164:811): avc: denied { read } for pid=19202 comm="abrt-action-ins" name="satellite-5-client.module" dev="dm-0" ino=135 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=file permissive=0 ----
*** Bug 1739355 has been marked as a duplicate of this bug. ***
Increasing priority/severity, because several QE people found this AVC in their test runs.
commit 99af5f04a4694d1b16929d45cbd6900ff5f42464 (HEAD -> rhel8.1-contrib) Author: Lukas Vrabec <lvrabec@redhat.com> Date: Fri Aug 9 15:43:00 2019 +0200 Dontaudit abrt_t domain to read root_t files Resolves: rhbz#1734403
*** Bug 1740060 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3547