Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow dirsrv read network sysctls #2403

Merged
merged 1 commit into from
Oct 23, 2024
Merged

Allow dirsrv read network sysctls #2403

merged 1 commit into from
Oct 23, 2024

Conversation

zpytela
Copy link
Contributor

@zpytela zpytela commented Oct 22, 2024

The commit addresses the following AVC denial:
type=PROCTITLE msg=audit(09/11/2024 05:35:23.841:2235) : proctitle=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-test -i /run/dirsrv/slapd-test.pid type=SYSCALL msg=audit(09/11/2024 05:35:23.841:2235) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f74651fab60 a2=O_RDONLY|O_NOCTTY|O_CLOEXEC a3=0x0 items=0 ppid=1 pid=10450 auid=unset uid=dirsrv gid=dirsrv euid=dirsrv suid=dirsrv fsuid=dirsrv egid=dirsrv sgid=dirsrv fsgid=dirsrv tty=(none) ses=unset comm=ns-slapd exe=/usr/sbin/ns-slapd subj=system_u:system_r:dirsrv_t:s0 key=(null) type=AVC msg=audit(09/11/2024 05:35:23.841:2235) : avc: denied { search } for pid=10450 comm=ns-slapd name=net dev="proc" ino=32137 scontext=system_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0

Resolves: RHEL-58381

@zpytela
Allow dirsrv read network sysctls
d24a19d 
The commit addresses the following AVC denial:
type=PROCTITLE msg=audit(09/11/2024 05:35:23.841:2235) : proctitle=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-test -i /run/dirsrv/slapd-test.pid
type=SYSCALL msg=audit(09/11/2024 05:35:23.841:2235) : arch=x86_64 syscall=openat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f74651fab60 a2=O_RDONLY|O_NOCTTY|O_CLOEXEC a3=0x0 items=0 ppid=1 pid=10450 auid=unset uid=dirsrv gid=dirsrv euid=dirsrv suid=dirsrv fsuid=dirsrv egid=dirsrv sgid=dirsrv fsgid=dirsrv tty=(none) ses=unset comm=ns-slapd exe=/usr/sbin/ns-slapd subj=system_u:system_r:dirsrv_t:s0 key=(null)
type=AVC msg=audit(09/11/2024 05:35:23.841:2235) : avc:  denied  { search } for  pid=10450 comm=ns-slapd name=net dev="proc" ino=32137 scontext=system_u:system_r:dirsrv_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0

Resolves: RHEL-58381
@zpytela zpytela merged commit 785a086 into fedora-selinux:rawhide Oct 23, 2024
6 checks passed
@zpytela zpytela deleted the dirsrv-read-sysctlnet branch October 23, 2024 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@zpytela