#7923 AVC for dogtag-ipa-ca-renew-agent-submit
Opened 5 months ago by cheimes. Modified 4 months ago

I noticed an AVC for dogtag-ipa-ca-renew-agent-submit. The command tries to create /var/log/renew.log and fails.

http://freeipa-org-pr-ci.s3-website.eu-central-1.amazonaws.com/jobs/ec687eb4-5c35-11e9-89d8-fa163e3bb4ee/test_caless.py-TestServerReplicaCALessToCAFull/master.ipa.test/journal.gz

Apr 11 08:55:20 master.ipa.test audit[20248]: AVC avc:  denied  { create } for  pid=20248 comm="dogtag-ipa-ca-r" name="renew.log" scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
Apr 11 08:55:20 master.ipa.test audit[20248]: AVC avc:  denied  { open } for  pid=20248 comm="dogtag-ipa-ca-r" path="/var/log/ipa/renew.log" dev="vda1" ino=1968147 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1

AVC avc: denied { open } for pid=22077 comm="stop_pkicad" path="/var/log/ipa/restart.log" dev="vda1" ino=1968139 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1

Metadata Update from @rcritten:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1703121

5 months ago

Metadata Update from @pcech:
- Issue tagged with: Falcon

4 months ago
