containers / qm

QM is a containerized environment for running Functional Safety qm (Quality Management) software
https://github.com/containers/qm
GNU General Public License v2.0

Fix IPC connectto issue within QM container #468

Closed aesteve-rh closed 1 month ago

aesteve-rh commented 1 month ago

Fix the remaining error for the UNIX socket IPC use case:

$ ausearch -m avc -ts recent
time->Thu Jun 27 07:34:37 2024
type=PROCTITLE msg=audit(1719473677.966:298): proctitle=707974686F6E33002F7573722F62696E2F6970632D636C69656E74
type=SYSCALL msg=audit(1719473677.966:298): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=7fffa4ec5970 a2=1b a3=7f3d0c3c2c70 items=0 ppid=716 pid=718 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="python3" exe="/usr/bin/python3.12" subj=system_u:system_r:qm_container_ipc_t:s0:c76,c146 key=(null)
type=AVC msg=audit(1719473677.966:298): avc:  denied  { connectto } for  pid=718 comm="python3" path="/run/ipc-demo/ipc.socket" scontext=system_u:system_r:qm_container_ipc_t:s0:c76,c146 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=0
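
For readers triaging the denial quoted above, here is an added example (not code from the PR or the QM project) that decodes the hex `proctitle` and reduces the AVC record to its source type, target type, class and permission. The function names are hypothetical, and the rule string it prints is the generic type-enforcement form implied by the record, not necessarily the policy change this PR makes.

```python
import re

# Fields copied verbatim from the audit records quoted in the PR description.
PROCTITLE = "707974686F6E33002F7573722F62696E2F6970632D636C69656E74"
AVC = ('type=AVC msg=audit(1719473677.966:298): avc:  denied  { connectto } for  '
       'pid=718 comm="python3" path="/run/ipc-demo/ipc.socket" '
       'scontext=system_u:system_r:qm_container_ipc_t:s0:c76,c146 '
       'tcontext=system_u:system_r:container_runtime_t:s0 '
       'tclass=unix_stream_socket permissive=0')


def decode_proctitle(hex_value):
    """proctitle is logged as hex here; NUL bytes separate the argv entries."""
    raw = bytes.fromhex(hex_value)
    return [arg.decode("utf-8", "replace") for arg in raw.split(b"\0") if arg]


def context_type(context):
    """SELinux contexts are user:role:type:level; the level may itself contain ':'."""
    return context.split(":", 3)[2]


def parse_avc(line):
    """Pull the permission set, key=value fields and SELinux types out of one AVC record."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3))}
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "source_type": context_type(fields["scontext"]),
        "target_type": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "path": fields.get("path"),
        "enforced": fields.get("permissive") == "0",  # 0 = the access was really blocked
    }


def implied_rule(avc):
    """Type-enforcement rule shape the denial corresponds to, for review rather than blind use."""
    perms = avc["perms"]
    perm = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {avc['source_type']} {avc['target_type']}:{avc['tclass']} {perm};"


if __name__ == "__main__":
    print(decode_proctitle(PROCTITLE))
    print(implied_rule(parse_avc(AVC)))
```

The target type comes from the label of the process that owns the listening socket, so review what else runs under that type before widening policy on the basis of a single denial.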