Description of problem: It appears that the subscription-manager package attempts to execute gpg and gets blocked. Version-Release number of selected component (if applicable): $ rpm -q redhat-release selinux-policy-targeted subscription-manager redhat-release-9.0-2.17.el9.x86_64 selinux-policy-targeted-34.1.29-1.el9_0.2.noarch subscription-manager-1.29.26.1-1.el9_0.x86_64 How reproducible: Unsure, as this is happening in the background. Steps to Reproduce: TBC Actual results: SELinux alert occurs: SELinux is preventing /usr/bin/python3.9 from execute access on the file /usr/bin/gpg. Expected results: No alert and the policy accommodates Red Hat packages Additional info: Source Context system_u:system_r:rhsmcertd_t:s0 Target Context system_u:object_r:gpg_exec_t:s0 Target Objects /usr/bin/gpg [ file ] Source rhsmcertd-worke Source Path /usr/bin/python3.9 Port <Unknown> Host REDACTED Source RPM Packages python3-3.9.10-2.el9.x86_64 Target RPM Packages gnupg2-2.3.3-2.el9_0.x86_64 SELinux Policy RPM selinux-policy-targeted-34.1.29-1.el9_0.2.noarch Local Policy RPM selinux-policy-targeted-34.1.29-1.el9_0.2.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name REDACTED Platform Linux REDACTED 5.14.0-70.26.1.el9_0.x86_64 #1 SMP PREEMPT Fri Sep 2 16:07:40 EDT 2022 x86_64 x86_64 Alert Count 3 First Seen 2022-09-26 13:33:08 BST Last Seen 2022-09-27 14:23:28 BST
Commit to backport: commit f9b53ec1aa05e9768b9808507b7b22a81e46c17c Author: Zdenek Pytela <zpytela> Date: Wed Aug 11 17:33:44 2021 +0200 Allow rhsmcertd execute gpg
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (selinux-policy bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:2483
*** Bug 2160707 has been marked as a duplicate of this bug. ***