Bug 1812540 - pdns map permission on p11-kit
Summary: pdns map permission on p11-kit
Keywords:
Status: CLOSED DUPLICATE of bug 1809078
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-11 14:30 UTC by Morten Stevens
Modified: 2020-03-16 10:48 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-11 14:49:27 UTC
Type: Bug


Attachments (Terms of Use)

Description Morten Stevens 2020-03-11 14:30:59 UTC
Description of problem:

PowerDNS needs map permission on /usr/share/p11-kit/modules/gnome-keyring.module and /usr/share/p11-kit/modules/p11-kit-trust.module

Version-Release number of selected component (if applicable):

Fedora:

pdns-4.2.1-4.fc32.x86_64
selinux-policy-3.14.6-6.fc33.noarch

RHEL 8:
pdns-4.2.1-1.el8.x86_64
selinux-policy-3.14.3-20.el8.noarch

Steps to Reproduce:
1. dnf install pdns
2. systemctl start pdns

Actual results:

Fedora:

type=AVC msg=audit(1583936430.201:250): avc:  denied  { map } for  pid=1648 comm="pdns_server" path="/usr/share/p11-kit/modules/gnome-keyring.module" dev="dm-0" ino=1838908 scontext=system_u:system_r:pdns_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1

RHEL 8:

type=AVC msg=audit(1583850752.708:45): avc:  denied  { map } for  pid=1665 comm="pdns_server" path="/usr/share/p11-kit/modules/p11-kit-trust.module" dev="dm-0" ino=16949359 scontext=system_u:system_r:pdns_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=0


Additional info:

This bug also affects Fedora 30, Fedora 31 and RHEL8

Comment 1 Zdenek Pytela 2020-03-11 14:49:27 UTC

*** This bug has been marked as a duplicate of bug 1809078 ***


Note You need to log in before you can comment on or make changes to this bug.