-
Bug
-
Resolution: Done-Errata
-
Minor
-
rhel-8.10
-
selinux-policy-3.14.3-132.el8
-
sst_security_selinux
-
ssg_security
-
14
-
QE ack
-
False
-
-
No
What were you trying to do that didn't work?
already described in https://bugzilla.redhat.com/show_bug.cgi?id=2240159
Please provide the package NVR for which bug is seen:
selinux-policy-3.14.3-131.el8.noarch
selinux-policy-targeted-3.14.3-131.el8.noarch
systemd-239-78.el8.x86_64
How reproducible:
always
Steps to reproduce
- get a RHEL-8.10 machine (the targeted policy is active)
- run the automated test: https://src.fedoraproject.org/tests/selinux/blob/main/f/selinux-policy/systemd-localed
- search for SELinux denials
Expected results
No SELinux denials.
Actual results
---- type=PROCTITLE msg=audit(11/09/2023 11:27:07.474:934) : proctitle=/usr/lib/systemd/systemd-localed type=PATH msg=audit(11/09/2023 11:27:07.474:934) : item=1 name=/etc/X11/xorg.conf.d nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 type=PATH msg=audit(11/09/2023 11:27:07.474:934) : item=0 name=/etc/X11/ inode=67159963 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 type=CWD msg=audit(11/09/2023 11:27:07.474:934) : cwd=/ type=SYSCALL msg=audit(11/09/2023 11:27:07.474:934) : arch=x86_64 syscall=mkdir success=no exit=EACCES(Permission denied) a0=0x561d03657496 a1=0755 a2=0x561d0466e010 a3=0x0 items=2 ppid=1 pid=123176 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-localed exe=/usr/lib/systemd/systemd-localed subj=system_u:system_r:systemd_localed_t:s0 key=(null) type=AVC msg=audit(11/09/2023 11:27:07.474:934) : avc: denied { create } for pid=123176 comm=systemd-localed name=xorg.conf.d scontext=system_u:system_r:systemd_localed_t:s0 tcontext=system_u:object_r:xserver_etc_t:s0 tclass=dir permissive=0 ----
Additional information:
- is cloned by
-
RHEL-16716 SELinux prevents the systemd-localed from creating the /etc/X11/xorg.conf.d directory [rhel-9]
- Closed
- links to
-
RHBA-2023:121335 selinux-policy bug fix and enhancement update
- mentioned on
(2 mentioned on)