Description of problem:
It happened when I plugged gamepad

SELinux is preventing kworker/30:1 from map_read, map_write access on the bpf labeled kernel_t.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that 30:1 should be allowed map_read map_write access on bpf labeled kernel_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# ausearch -c 'kworker/30:1' --raw | audit2allow -M my-kworker301
# semodule -X 300 -i my-kworker301.pp

Additional Information:
Source Context                system_u:system_r:kernel_t:s0
Target Context                system_u:system_r:kernel_t:s0
Target Objects                Unknown [ bpf ]
Source                        kworker/30:1
Source Path                   kworker/30:1
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
SELinux Policy RPM            selinux-policy-targeted-38.10-1.fc39.noarch
Local Policy RPM              selinux-policy-targeted-38.10-1.fc39.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 6.3.0-0.rc6.20230412gite62252bc55b6.51.fc39.x86_64+debug #1 SMP PREEMPT_DYNAMIC Wed Apr 12 21:55:44 +05 2023 x86_64
Alert Count                   2
First Seen                    2023-04-11 21:24:09 +05
Last Seen                     2023-04-13 23:59:35 +05
Local ID                      45da7165-9da8-4604-b616-8dc6c4287310

Raw Audit Messages
type=AVC msg=audit(1681412375.280:285): avc: denied { map_read map_write } for pid=26427 comm="kworker/30:2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=bpf permissive=1

Hash: kworker/30:1,kernel_t,kernel_t,bpf,map_read,map_write

Version-Release number of selected component:
selinux-policy-targeted-38.10-1.fc39.noarch

Additional info:
reporter:       libreport-2.17.9
reason:         SELinux is preventing kworker/30:1 from map_read, map_write access on the bpf labeled kernel_t.
package:        selinux-policy-targeted-38.10-1.fc39.noarch
component:      selinux-policy
hashmarkername: setroubleshoot
type:           libreport
kernel:         6.3.0-0.rc6.20230412gite62252bc55b6.51.fc39.x86_64+debug
comment:        It happened when I plugged gamepad
component:      selinux-policy
Created attachment 1957374 [details] File: description
Created attachment 1957375 [details] File: os_info
Is it possible to reliably trigger the denial? If yes, could you please run the following:

# echo stacktrace >/sys/kernel/tracing/trace_options
# echo 1 >/sys/kernel/tracing/events/avc/selinux_audited/enable

...then trigger the denial, and then paste the output of `cat /sys/kernel/tracing/trace`? It should give us its kernel backtrace, which will help us figure out what is going on.

You can reset the tracing settings afterwards by rebooting or by running:

# echo nostacktrace >/sys/kernel/tracing/trace_options
# echo 0 >/sys/kernel/tracing/events/avc/selinux_audited/enable
*** Bug 2188940 has been marked as a duplicate of this bug. ***
*** Bug 2192185 has been marked as a duplicate of this bug. ***
*** Bug 2188971 has been marked as a duplicate of this bug. ***
*** Bug 2203635 has been marked as a duplicate of this bug. ***
*** Bug 2208472 has been marked as a duplicate of this bug. ***
*** Bug 2208512 has been marked as a duplicate of this bug. ***
Hint from one of the duplicates:

> Seems to have happened during system suspend or resume.

Still, we are looking for confirmation and a reliable reproducer. Further debugging information is highly appreciated.
I have hit the bug #2208472 right after the boot. But I think that also today, connecting my LP to docking station. Also, I think this is Kernel 6.3 related.
Good catch, Vit, actually

6.3.3-200.fc38.x86_64
6.3.0-0.rc6.20230412gite62252bc55b6.51.fc39.x86_64+debug
6.3.0-0.rc7.20230420gitcb0856346a60.59.fc39.x86_64+debug
6.4.0-0.rc0.20230428git33afd4b76393.7.fc39.x86_64+debug

in the reported bzs. At least something we can work with.
(In reply to Zdenek Pytela from comment #12)
> Good catch, Vit, actually
>
> 6.3.3-200.fc38.x86_64
> 6.3.0-0.rc6.20230412gite62252bc55b6.51.fc39.x86_64+debug
> 6.3.0-0.rc7.20230420gitcb0856346a60.59.fc39.x86_64+debug
> 6.4.0-0.rc0.20230428git33afd4b76393.7.fc39.x86_64+debug
>
> in the reported bzs. At least something we can work with.

Yeah, I have updated one system, where there was still just 6.2 available and it was Ok. The other system updated yesterday has already 6.3 and that exhibits the issue.
Just a note: I am unable to reproduce the problem on a vm and therefore I cannot gather any additional data, will try a physical system.
On my system it seems to happen reliably after each suspend-resume cycle.
This is what happened when I disconnected my LP from docking station:

~~~
May 19 18:24:10 localhost.localdomain kernel: pcieport 0000:03:01.0: pciehp: Slot(1): Link Down
May 19 18:24:10 localhost.localdomain kernel: pcieport 0000:03:01.0: pciehp: Slot(1): Card not present
May 19 18:24:10 localhost.localdomain kernel: pcieport 0000:06:04.0: Unable to change power state from D3hot to D0, device inaccessible
May 19 18:24:10 localhost.localdomain kernel: pcieport 0000:06:04.0: Runtime PM usage count underflow!
May 19 18:24:10 localhost.localdomain kernel: xhci_hcd 0000:07:00.0: remove, state 1
May 19 18:24:10 localhost.localdomain kernel: usb usb6: USB disconnect, device number 1
May 19 18:24:10 localhost.localdomain kernel: usb 6-2: USB disconnect, device number 2
May 19 18:24:10 localhost.localdomain kernel: usb 6-2.1: USB disconnect, device number 3
May 19 18:24:10 localhost.localdomain kernel: r8152-cfgselector 6-2.1.2: USB disconnect, device number 4
May 19 18:24:10 localhost.localdomain kernel: xhci_hcd 0000:07:00.0: xHCI host controller not responding, assume dead
May 19 18:24:10 localhost.localdomain kernel: xhci_hcd 0000:07:00.0: USB bus 6 deregistered
May 19 18:24:10 localhost.localdomain kernel: xhci_hcd 0000:07:00.0: remove, state 1
May 19 18:24:10 localhost.localdomain kernel: usb usb5: USB disconnect, device number 1
May 19 18:24:10 localhost.localdomain kernel: usb 5-2: USB disconnect, device number 2
May 19 18:24:10 localhost.localdomain kernel: usb 5-2.1: USB disconnect, device number 3
May 19 18:24:10 localhost.localdomain kernel: usb 5-2.1.1: USB disconnect, device number 6
May 19 18:24:10 localhost.localdomain kernel: usb 5-2.1.1.2: USB disconnect, device number 9
May 19 18:24:10 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
May 19 18:24:10 localhost.localdomain audit[76747]: AVC avc: denied { map_read map_write } for pid=76747 comm="kworker/7:0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=bpf permissive=0
May 19 18:24:10 localhost.localdomain kernel: usb 5-2.1.4: USB disconnect, device number 10
May 19 18:24:10 localhost.localdomain audit[76747]: AVC avc: denied { map_read map_write } for pid=76747 comm="kworker/7:0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=bpf permissive=0
May 19 18:24:10 localhost.localdomain kernel: usb 5-2.2: USB disconnect, device number 4
May 19 18:24:10 localhost.localdomain audit[76747]: AVC avc: denied { map_read map_write } for pid=76747 comm="kworker/7:0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=bpf permissive=0
May 19 18:24:10 localhost.localdomain kernel: usb 5-2.3: USB disconnect, device number 5
May 19 18:24:10 localhost.localdomain audit[76747]: AVC avc: denied { map_read map_write } for pid=76747 comm="kworker/7:0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=bpf permissive=0
May 19 18:24:10 localhost.localdomain audit[76747]: AVC avc: denied { map_read map_write } for pid=76747 comm="kworker/7:0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=bpf permissive=0
May 19 18:24:10 localhost.localdomain kernel: usb 5-2.4: USB disconnect, device number 11
May 19 18:24:10 localhost.localdomain kernel: usb 5-2.5: USB disconnect, device number 7
May 19 18:24:10 localhost.localdomain kernel: xhci_hcd 0000:07:00.0: Host halt failed, -19
May 19 18:24:10 localhost.localdomain kernel: xhci_hcd 0000:07:00.0: Host not accessible, reset failed.
May 19 18:24:10 localhost.localdomain kernel: xhci_hcd 0000:07:00.0: USB bus 5 deregistered
May 19 18:24:10 localhost.localdomain kernel: pci_bus 0000:07: busn_res: [bus 07] is released
May 19 18:24:10 localhost.localdomain kernel: pci_bus 0000:08: busn_res: [bus 08-39] is released
May 19 18:24:10 localhost.localdomain kernel: pci_bus 0000:06: busn_res: [bus 06-39] is released
May 19 18:24:10 localhost.localdomain kernel: thunderbolt 0-1: device disconnected
May 19 18:24:12 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=setroubleshootd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
May 19 18:24:12 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-:1.3-org.fedoraproject.SetroubleshootPrivileged@4 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
May 19 18:24:15 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=packagekit comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
May 19 18:24:20 localhost.localdomain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
May 19 18:24:23 localhost.localdomain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dbus-:1.3-org.fedoraproject.SetroubleshootPrivileged@4 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
May 19 18:24:23 localhost.localdomain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=setroubleshootd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
May 19 18:24:24 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=setroubleshootd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
~~~
Vite and Kamile, Thank you for confirming the conditions. Will you also be able to follow the steps from https://bugzilla.redhat.com/show_bug.cgi?id=2186595#c3 to gather debugging data?
*** Bug 2208581 has been marked as a duplicate of this bug. ***
$ journalctl -f | grep -i avc
kvě 22 14:01:36 hydra audit[22029]: AVC avc: denied { map_read map_write } for pid=22029 comm="kworker/6:0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=bpf permissive=0
^C
$ cat /sys/kernel/tracing/trace
# tracer: nop
#
# entries-in-buffer/entries-written: 2/2   #P:12
#
#                                _-----=> irqs-off/BH-disabled
#                               / _----=> need-resched
#                              | / _---=> hardirq/softirq
#                              || / _--=> preempt-depth
#                              ||| / _-=> migrate-disable
#                              |||| /     delay
#           TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
#              | |         |   |||||     |         |
     kworker/6:0-22029   [006] ..... 10224.971061: selinux_audited: requested=0x6 denied=0x6 audited=0x6 result=-13 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=bpf
     kworker/6:0-22029   [006] ..... 10224.971074: <stack trace>
 => trace_event_raw_event_selinux_audited
 => avc_audit_post_callback
 => common_lsm_audit
 => slow_avc_audit
 => avc_has_perm
 => security_bpf_map
 => __sys_bpf
 => kern_sys_bpf
 => skel_map_get_fd_by_id
 => hid_bpf_release_progs
 => process_one_work
 => worker_thread
 => kthread
 => ret_from_fork
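Added example, not part of the original thread and not code from the selinux-policy project: a Python parser for the `selinux_audited` trace output in the comment above. It decodes the denied mask and splits the stack at the LSM hook to show which kernel code path requested the access. The `bpf` permission bit order is an assumption taken from the kernel's class map, and the function names are hypothetical.

```python
import re

# Permission bit order of the SELinux "bpf" class (assumed to match the kernel
# class map); it agrees with the page: denied=0x6 <-> { map_read map_write }.
BPF_PERMS = ["map_create", "map_read", "map_write", "prog_load", "prog_run"]
EVENT = re.compile(r"^\s*(?P<task>\S+)-(?P<pid>\d+)\s+\[\d+\]\s+\S+\s+[\d.]+:"
                   r"\s+selinux_audited:\s+(?P<kv>.*)$")

# Trace text copied from the comment above, one line per entry.
SAMPLE_TRACE = """\
kworker/6:0-22029 [006] ..... 10224.971061: selinux_audited: requested=0x6 denied=0x6 audited=0x6 result=-13 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=bpf
kworker/6:0-22029 [006] ..... 10224.971074: <stack trace>
 => trace_event_raw_event_selinux_audited
 => avc_audit_post_callback
 => common_lsm_audit
 => slow_avc_audit
 => avc_has_perm
 => security_bpf_map
 => __sys_bpf
 => kern_sys_bpf
 => skel_map_get_fd_by_id
 => hid_bpf_release_progs
 => process_one_work
 => worker_thread
 => kthread
 => ret_from_fork
"""

# Return one dict per selinux_audited event, with the stack frames that follow it.
def parse_trace(text):
    events = []
    for line in text.splitlines():
        m = EVENT.match(line)
        if m:
            fields = dict(kv.split("=", 1) for kv in m["kv"].split())
            events.append({"task": m["task"], "stack": [], **fields})
        elif events and line.strip().startswith("=>"):
            events[-1]["stack"].append(line.strip()[2:].strip())
    return events

def summarize(ev):
    stack, mask = ev["stack"], int(ev["denied"], 16)
    hook = next((i for i, f in enumerate(stack) if f.startswith("security_")), None)
    return {
        "task": ev["task"],
        "denied": [p for bit, p in enumerate(BPF_PERMS) if mask & (1 << bit)]
                  if ev["tclass"] == "bpf" else [ev["denied"]],
        "self_access": ev["scontext"] == ev["tcontext"],
        "lsm_hook": stack[hook] if hook is not None else None,
        # Frames are innermost-first, so callers of the hook come after it.
        "call_path": stack[hook + 1:] if hook is not None else stack,
    }

if __name__ == "__main__":
    print([summarize(e) for e in parse_trace(SAMPLE_TRACE)])
```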
Thanks! So this PR should do the trick: https://github.com/fedora-selinux/selinux-policy/pull/1698
FEDORA-2023-2663818afd has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-2663818afd
FEDORA-2023-2663818afd has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-2663818afd` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-2663818afd See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-2663818afd has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.