Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2108383
Summary: | selinux-policy AVC during "mount -t cifs" | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Rafael Jeffman <rjeffman> |
Component: | selinux-policy | Assignee: | Zdenek Pytela <zpytela> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 8.7 | CC: | dkarpele, lvrabec, mmalik, rpm, ssekidde |
Target Milestone: | rc | Keywords: | Triaged |
Target Release: | 8.7 | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.14.3-105.el8 | Doc Type: | No Doc Update |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-08 10:44:31 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 2095834 |
Comment 2
Zdenek Pytela
2022-07-25 13:29:36 UTC
Unique SELinux denials for QE purposes: ---- time->Tue Jul 12 10:35:10 2022 type=PROCTITLE msg=audit(1657636510.928:3589): proctitle=2F7573722F6C6962657865632F73616D62612F727063645F6C736164002D2D636F6E66696766696C653D2F6574632F73616D62612F736D622E636F6E66002D2D776F726B65722D67726F75703D32002D2D776F726B65722D696E6465783D35002D2D64656275676C6576656C3D3130 type=SYSCALL msg=audit(1657636510.928:3589): arch=c000003e syscall=6 success=no exit=-13 a0=7ffd1cc24982 a1=7ffd1cc249f0 a2=7ffd1cc249f0 a3=0 items=0 ppid=37511 pid=37538 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rpcd_lsad" exe="/usr/libexec/samba/rpcd_lsad" subj=system_u:system_r:winbind_rpcd_t:s0 key=(null) type=AVC msg=audit(1657636510.928:3589): avc: denied { getattr } for pid=37538 comm="rpcd_lsad" path="/run/samba/winbindd/pipe" dev="tmpfs" ino=161762 scontext=system_u:system_r:winbind_rpcd_t:s0 tcontext=system_u:object_r:winbind_var_run_t:s0 tclass=sock_file permissive=0 ---- time->Tue Jul 12 10:35:31 2022 type=PROCTITLE msg=audit(1657636531.794:3593): proctitle=736D62636F6E74726F6C00616C6C0064656275670031 type=SYSCALL msg=audit(1657636531.794:3593): arch=c000003e syscall=42 success=no exit=-13 a0=10 a1=7ffc071e8dd0 a2=6e a3=0 items=0 ppid=37583 pid=37598 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10 comm="smbcontrol" exe="/usr/bin/smbcontrol" subj=unconfined_u:unconfined_r:smbcontrol_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1657636531.794:3593): avc: denied { sendto } for pid=37598 comm="smbcontrol" path="/var/lib/samba/private/msg.sock/37511" scontext=unconfined_u:unconfined_r:smbcontrol_t:s0-s0:c0.c1023 tcontext=system_u:system_r:winbind_rpcd_t:s0 tclass=unix_dgram_socket permissive=0 ---- *** Bug 2095834 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (selinux-policy bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7691 |