#112 AVC for dogtag-submit
Opened 7 months ago by cheimes. Modified 2 months ago

I'm getting an AVC for dogtag-submit, e.g.

http://freeipa-org-pr-ci.s3-website.eu-central-1.amazonaws.com/jobs/92dbf1d0-668c-11e9-801d-fa163eba699c/test_commands.py-TestIPACommand--test_list_help_topics/master.ipa.test/journal.gz

audit[19013]: AVC avc: denied { execute } for pid=19013 comm="dogtag-submit" path=2F72756E2F636572746D6F6E6765722F66666976314C7A534D202864656C6574656429 dev="tmpfs" ino=73755 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:certmonger_var_run_t:s0 tclass=file permissive=1


Here is another one that looks very similar

AVC avc: denied { execute } for pid=18826 comm="certmonger" path=2F72756E2F636572746D6F6E6765722F666669335642653364202864656C6574656429 dev="tmpfs" ino=70313 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:certmonger_var_run_t:s0 tclass=file permissive=1

Metadata Update from @rcritten:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1703120

7 months ago

The AVC looks like it is related to libffi. The path is /run/certmonger/ffiv1LzSM. I don't think there is anything I can do about that.

It sure looks like this is caused by an IPA import.

Login to comment on this ticket.

Metadata