Closed cjeanner closed 5 years ago
What policy are you testing this with?
$ cat > /tmp/t
type=AVC msg=audit(1547545930.107:1449): avc: denied { transition } for pid=69772 comm="runc:[2:INIT]" path="/usr/local/bin/dumb-init" dev="vda1" ino=2232295 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=system_u:system_r:container_t:s0:c12,c116 tclass=process permissive=0
$ audit2allow -i /tmp/t
#============= unconfined_service_t ==============
#!!!! This avc is allowed in the current policy
allow unconfined_service_t container_t:process transition;
$ rpm -q container-selinux
container-selinux-2.77-1.git2c57a17.fc29.noarch
@rhatdan we are testing with container-selinux-2.73-3.el8+1838+91f7e486.noarch; we'll try again with container-selinux-2.77-1.git2c57a17.fc29.noarch.
Worked with container-selinux-2.77-1.git2c57a17.fc29.noarch.
Closing this issue since it was due to an old package. Thanks!
Hello,
We're currently testing podman 1.0, and hit the following issue:
Some details: this dumb-init is embedded in the container (meaning, no volume involved). It has the following flags:
And if we pass this AVC into audit2allow, we get the following output:
We didn't get this issue with previous podman versions.
Any hint on what to do? I don't know this "transition" being denied, sooo.. any help would be nice :).
Thanks!
C.