amazonlinux / amazon-linux-2023

Amazon Linux 2023
https://aws.amazon.com/linux/amazon-linux-2023/

[Feature Request] - SELinux policy update for getty checkpoint_restore #688

Open tg975 opened 2 months ago

tg975 commented 2 months ago

Is your feature request related to a problem? Please describe.

SELinux is denying checkpoint_restore activity.

ausearch -m AVC,USER_AVC -ts today
----
time->Mon Apr  8 07:30:38 2024
type=AVC msg=audit(1712561438.441:202): avc:  denied  { checkpoint_restore } for  pid=2302 comm="agetty" capability=40  scontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tcontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
----
time->Mon Apr  8 07:30:38 2024
type=AVC msg=audit(1712561438.481:203): avc:  denied  { checkpoint_restore } for  pid=2301 comm="agetty" capability=40  scontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tcontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tclass=capability2 permissive=0

It is visible in the logs as soon as an AWS EC2 instance with AL2023 is started.

Describe the solution you'd like

In the fedora-selinux project this has been addressed by adding dontaudit getty_t self:capability2 checkpoint_restore; to the getty policy.

References:
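The two AVC records above are the raw material for the proposed policy change. As an added example (not code from the issue author or from the Amazon Linux or fedora-selinux projects), the following Python script parses such records, resolves the numeric capability (capability 40 is CAP_CHECKPOINT_RESTORE) and derives the TE rule that would cover each distinct denial, using "self" when source and target types match, exactly as the suggested dontaudit rule does. It is a simplified stand-in for what audit2allow does, not a replacement for it; the sample input is the pair of records quoted in the report, and the small capability name table is a constructed subset. The default rule kind is dontaudit because that is what the report proposes: it only silences the audit record, while an allow rule would actually grant the capability to getty_t.

```python
import re
from collections import OrderedDict

# The two AVC records quoted in the report above, embedded here as sample input.
SAMPLE_AVC = """\
type=AVC msg=audit(1712561438.441:202): avc:  denied  { checkpoint_restore } for  pid=2302 comm="agetty" capability=40  scontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tcontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
type=AVC msg=audit(1712561438.481:203): avc:  denied  { checkpoint_restore } for  pid=2301 comm="agetty" capability=40  scontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tcontext=system_u:system_r:getty_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
"""

# Matches the "avc: denied { perm ... } for key=value ..." part of an AVC record.
AVC_RE = re.compile(
    r"avc:\s+(?P<decision>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$"
)
# key=value pairs; values are either quoted strings or whitespace-free tokens.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed subset of the Linux capability numbering (from <linux/capability.h>).
CAP_NAMES = {0: "CAP_CHOWN", 2: "CAP_DAC_OVERRIDE", 21: "CAP_SYS_ADMIN", 40: "CAP_CHECKPOINT_RESTORE"}


def parse_avc(line):
    """Return a dict describing one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec = {
        "decision": m.group("decision"),
        "perms": m.group("perms").split(),
        "pid": fields.get("pid"),
        "comm": fields.get("comm"),
        "scontext": fields.get("scontext"),
        "tcontext": fields.get("tcontext"),
        "tclass": fields.get("tclass"),
        "permissive": fields.get("permissive") == "1",
    }
    if "capability" in fields:
        num = int(fields["capability"])
        rec["capability"] = CAP_NAMES.get(num, "capability %d" % num)
    return rec


def selinux_type(context):
    """Extract the type field from user:role:type:range."""
    return context.split(":")[2]


def suggest_rule(rec, kind="dontaudit"):
    """Build the TE rule covering this denial; 'self' when source and target types match."""
    src = selinux_type(rec["scontext"])
    tgt = selinux_type(rec["tcontext"])
    target = "self" if src == tgt else tgt
    perms = rec["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "%s %s %s:%s %s;" % (kind, src, target, rec["tclass"], perm_str)


def summarize(log_text, kind="dontaudit"):
    """Group denials by the rule that would cover them, counting occurrences."""
    summary = OrderedDict()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["decision"] != "denied":
            continue
        rule = suggest_rule(rec, kind)
        entry = summary.setdefault(rule, {"count": 0, "comms": set(), "capability": rec.get("capability")})
        entry["count"] += 1
        entry["comms"].add(rec["comm"])
    return summary


if __name__ == "__main__":
    for rule, info in summarize(SAMPLE_AVC).items():
        print("%d denial(s) from %s (%s): %s" % (info["count"], ", ".join(sorted(info["comms"])), info["capability"], rule))
```

Running the script against the two records yields a single rule, dontaudit getty_t self:capability2 checkpoint_restore;, seen twice from agetty. Feeding it a real "ausearch -m AVC,USER_AVC" dump will also merge any other denials by rule, which makes it easy to see which ones the getty policy change would and would not cover.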