Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1998129
Description of problem:
There are AVC messages during the installation of ipa-server on RHEL8.5 (FIPS mode enabled).

Version-Release number of selected component (if applicable):
RHEL-8.5.0-20210825.n.0 (aarch64)
ipa-server 4.9.6-4.module+el8.5.0+11912+1b4496cf

Steps to Reproduce:
fips-mode-setup --enable
reboot
hostnamectl set-hostname master.test.ipa
dnf module reset idm -y
dnf module enable -y idm:DL1/dns
dnf install -y ipa-server-dns
systemctl stop firewalld
ipa-server-install -a Secret123 -p Secret123 --setup-dns --auto-forwarders -n test.ipa -U -r TEST.IPA

Actual results:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
selinux-policy-3.14.3-77.el8.noarch
----
time->Thu Aug 26 08:31:54 2021
type=PROCTITLE msg=audit(1629981114.133:381): proctitle=2F7573722F6C6962657865632F706C6174666F726D2D707974686F6E002D49002F7573722F6C6962657865632F6970612F6970612D637573746F646961002F6574632F6970612F637573746F6469612F637573746F6469612E636F6E66
type=SYSCALL msg=audit(1629981114.133:381): arch=c00000b7 syscall=56 success=no exit=-13 a0=ffffffffffffff9c a1=ffffb890d4a0 a2=0 a3=0 items=0 ppid=1 pid=19933 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ipa-custodia" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:ipa_custodia_t:s0 key=(null)
type=AVC msg=audit(1629981114.133:381): avc: denied { read } for pid=19933 comm="ipa-custodia" name="cpuinfo" dev="proc" ino=4026531923 scontext=system_u:system_r:ipa_custodia_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
----
time->Thu Aug 26 08:38:29 2021
type=PROCTITLE msg=audit(1629981509.011:585): proctitle=2F7573722F6C6962657865632F706C6174666F726D2D707974686F6E002D49002F7573722F6C6962657865632F6970612F6970612D637573746F646961002F6574632F6970612F637573746F6469612F637573746F6469612E636F6E66
type=SYSCALL msg=audit(1629981509.011:585): arch=c00000b7 syscall=56 success=no exit=-13 a0=ffffffffffffff9c a1=ffff8ef9d4a0 a2=0 a3=0 items=0 ppid=1 pid=24131 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ipa-custodia" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:ipa_custodia_t:s0 key=(null)
type=AVC msg=audit(1629981509.011:585): avc: denied { read } for pid=24131 comm="ipa-custodia" name="cpuinfo" dev="proc" ino=4026531923 scontext=system_u:system_r:ipa_custodia_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0

Expected results:
No AVC messages.
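A triage sketch for the records in the report above, added here as an example and not part of the ticket or of FreeIPA: it groups PROCTITLE/SYSCALL/AVC records by audit serial, decodes the hex-encoded proctitle into argv, and counts denials per source type, target type, class, permission and object name. The records are the ticket's own with unused fields trimmed; the function names are illustrative.

```python
import re
from collections import Counter

# Records copied from the ticket (wrapped proctitle hex rejoined, unused fields trimmed).
PROCTITLE = "2F7573722F6C6962657865632F706C6174666F726D2D707974686F6E002D49002F7573722F6C6962657865632F6970612F6970612D637573746F646961002F6574632F6970612F637573746F6469612F637573746F6469612E636F6E66"
TEMPLATE = (
    'type=PROCTITLE msg=audit({ts}): proctitle={pt}\n'
    'type=SYSCALL msg=audit({ts}): arch=c00000b7 syscall=56 success=no exit=-13 comm="ipa-custodia" exe="/usr/libexec/platform-python3.6"\n'
    'type=AVC msg=audit({ts}): avc: denied {{ read }} for pid={pid} comm="ipa-custodia" name="cpuinfo" dev="proc" scontext=system_u:system_r:ipa_custodia_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0\n'
)
SAMPLE = (TEMPLATE.format(ts="1629981114.133:381", pt=PROCTITLE, pid=19933)
          + TEMPLATE.format(ts="1629981509.011:585", pt=PROCTITLE, pid=24131))

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)")
DENIED = re.compile(r"avc:\s+denied\s+\{ ([^}]+) \}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_proctitle(value):
    """audit hex-encodes proctitle when argv holds NUL separators; split it back into argv."""
    if re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", value):
        return bytes.fromhex(value).decode("utf-8", "replace").split("\x00")
    return [value.strip('"')]  # plain, unencoded command line

def parse_events(text):
    """Merge the records that share an audit serial number into one dict per event."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # separators such as '----' and 'time->...' lines
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        ev = events.setdefault(serial, {})
        if rtype == "PROCTITLE":
            ev["argv"] = decode_proctitle(fields["proctitle"])
        elif rtype == "SYSCALL":
            ev.update(exit=int(fields["exit"]), exe=fields["exe"])
        elif rtype == "AVC" and (d := DENIED.search(body)):
            ev["perms"] = tuple(d.group(1).split())
            ev.update({k: fields[k] for k in ("comm", "name", "scontext", "tcontext", "tclass", "permissive")})
    return events

def summarize(events):
    """Count denials by (source type, target type, class, perms, object name)."""
    return Counter((ev["scontext"].split(":")[2], ev["tcontext"].split(":")[2],
                    ev["tclass"], ev["perms"], ev["name"])
                   for ev in events.values() if "perms" in ev)

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE)))
```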
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1998129
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/5994
master:
ipa-4-9:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)