RHEL-32290

SELinux blocks avahi dbus notifications to cronjob_t

Details

    • Bug
    • Resolution: Unresolved
    • Minor
    • rhel-9.5
    • rhel-9.3.0
    • selinux-policy
    • Minor
    • sst_security_selinux
    • ssg_security
    • 12
    • QE ack
    • False
    • No
    • Bi-directional D-bus communication between avahi-daemon and cronjobs works successfully in enforcing mode. Cronjobs which run the avahi-browse command do not encounter any timeouts (typical for USER_AVCs).
    • Yes
    • Unspecified Release Note Type - Unknown

    Description

      What were you trying to do that didn't work?

      It does not appear to be causing any problems, but when one of our cron jobs runs we get a lot of denial messages.

      Please provide the package NVR for which bug is seen:

      selinux-policy-38.1.23-1.el9_3.2.noarch

      dbus-broker-28-7.el9.x86_64

      avahi-0.8-15.el9.x86_64

      How reproducible:

      Seeing on just two of our EL9 systems

      Steps to reproduce

      1. install avahi
      2. The cron job that may be triggering it essentially does:

      #!/bin/bash

      curl -s --location http://ADCA/CertEnroll/AD.crl | openssl crl -inform der -out /etc/raddb/certs/ad-AD-SEATTLE01-CA.crl
      curl -s --location http://IPACAm/ipa/crl/MasterCRL.bin | openssl crl -inform der -out /etc/raddb/certs/ipa.crl
      chgrp radiusd /etc/raddb/certs/{AD,ipa}.crl
      openssl rehash /etc/raddb/certs |& grep -vF 'warning: skipping'
      systemctl restart radiusd

      Expected results

      No AVC denials

      Actual results

      Apr 09 00:00:01 dbus-broker[641]: A security policy denied :1.2 to send signal /Client3330/ServiceBrowser1:org.freedesktop.Avahi.ServiceBrowser.ItemNew to :1.5854.
      Apr 09 00:00:01 dbus-broker[641]: A security policy denied :1.2 to send signal /Client3330/ServiceBrowser1:org.freedesktop.Avahi.ServiceBrowser.CacheExhausted to :1.5854.

       

      type=USER_AVC msg=audit(1712698201.410:94401): pid=641 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for  scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 tclass=dbus permissive=0 exe="/usr/bin/dbus-broker" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus"
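
For triage of records like the one above, the following added example (not part of the original report or of selinux-policy) parses USER_AVC lines and groups denials by the userspace object manager that enforced them, the source and target types, the class and the permissions. The function names are hypothetical, and the second sample line is constructed to show that kernel AVC records are skipped.

```python
import re
from collections import Counter

# Sample input: the USER_AVC record from the report, joined onto one line,
# followed by one constructed kernel AVC record that must not be counted.
SAMPLE_LOG = """\
type=USER_AVC msg=audit(1712698201.410:94401): pid=641 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for  scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 tclass=dbus permissive=0 exe="/usr/bin/dbus-broker" sauid=81 hostname=? addr=? terminal=?'
type=AVC msg=audit(1712698201.500:94402): avc:  denied  { read } for  pid=700 comm="example" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
"""

USER_AVC = re.compile(
    r"^type=USER_AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):"
    r".*?subj=(?P<subj>\S+)"                      # context of the object manager
    r".*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}"    # nested avc message
    r".*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)"
    r"\s+tclass=(?P<tclass>\w+)\s+permissive=(?P<permissive>[01])"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def parse_user_avc(line):
    """Parse one audit line; return None unless it is a USER_AVC denial."""
    m = USER_AVC.search(line)
    if m is None:
        return None
    return {
        "serial": int(m["serial"]),
        "manager": selinux_type(m["subj"]),
        "source": selinux_type(m["scontext"]),
        "target": selinux_type(m["tcontext"]),
        "tclass": m["tclass"],
        "perms": tuple(m["perms"].split()),
        "enforced": m["permissive"] == "0",
    }

def summarize(log_text):
    """Count denials per (manager, source, target, class, perms)."""
    counts = Counter()
    for rec in filter(None, map(parse_user_avc, log_text.splitlines())):
        counts[(rec["manager"], rec["source"], rec["target"],
                rec["tclass"], rec["perms"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```

The parser expects each record on a single line; a record wrapped by a terminal or pager has to be rejoined first.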


            People

              rhn-support-zpytela Zdenek Pytela
              opoplawski Orion Poplawski
              Zdenek Pytela Zdenek Pytela
              Milos Malik Milos Malik