Description of problem: [OVS DPDK] Encounter modprobe AVC's while configuring OVS DPDK bridge with two interfaces We ran kernel/networking/ovs-dpdk-selinux automation and found the following two AVC's: ++ check_AVC +++ grep -c -w AVC /var/log/audit/audit.log ++ '[' 2 == 0 ']' ++ grep AVC /var/log/audit/audit.log type=AVC msg=audit(1681305244.948:109): avc: denied { search } for pid=9713 comm="modprobe" name="events" dev="tracefs" ino=5132 scontext=system_u:system_r:openvswitch_load_module_t:s0 tcontext=system_u:object_r:tracefs_t:s0 tclass=dir permissive=0 type=AVC msg=audit(1681305244.948:109): avc: denied { search } for pid=9713 comm="modprobe" name="events" dev="tracefs" ino=5132 scontext=system_u:system_r:openvswitch_load_module_t:s0 tcontext=system_u:object_r:tracefs_t:s0 tclass=dir permissive=0 ++ return 1 The check_AVC function ran right after configuring a OVS DPDK bridge. This modprobe AVC is related to openvswitch based on the AVC lines above. But, it seems to be benign as the brige was built successfully --- the daemon showed no ERRs when attaching two dpdk interfaces to the brdige. NOTE: Same AVC outputs for ixgbe, i40e, ice and mlx5 NICs --- so far I have tried these four NICs. It seems be generic. Version-Release number of selected component (if applicable): [root@netqe29 audit]# uname -r 5.14.0-284.10.1.el9_2.x86_64 [root@netqe29 audit]# rpm -q openvswitch2.15 openvswitch2.15-2.15.0-81.el9fdp.x86_64 How reproducible: Reproducible Steps to Reproduce: Run kernel/networking/ovs-dpdk-selinux 1. 2. 3. Actual results: Expected results: Additional info:
Aaron have already reviewed the two modprobe AVC's.
Please test with https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=2517138
Verified with ovs2.15 and openvswitch-selinux-extra-policy-1.0-33.el9fdp.noarch.rpm ,there is no avc error reported. https://beaker.engineering.redhat.com/jobs/8137977