fedora-selinux / selinux-policy

selinux-policy for Fedora is a large patch off the mainline
GNU General Public License v2.0

Allow setroubleshootd create and use inherited io_uring #2024

Closed zpytela closed 5 months ago

zpytela commented 5 months ago

The io_uring class is used by plocate executed by setroubleshootd.

The commit addresses the following AVC denial:

type=PROCTITLE msg=audit(02/05/2024 11:50:06.209:990) : proctitle=locate -b \socket:[55759]
type=SYSCALL msg=audit(02/05/2024 11:50:06.209:990) : arch=x86_64 syscall=mmap success=yes exit=140140076916736 a0=0x0 a1=0x2440 a2=PROT_READ|PROT_WRITE a3=MAP_SHARED|MAP_POPULATE items=0 ppid=9028 pid=9138 auid=unset uid=setroubleshoot gid=setroubleshoot euid=setroubleshoot suid=setroubleshoot fsuid=setroubleshoot egid=setroubleshoot sgid=plocate fsgid=setroubleshoot tty=(none) ses=unset comm=locate exe=/usr/bin/plocate subj=system_u:system_r:setroubleshootd_t:s0 key=(null)
type=AVC msg=audit(02/05/2024 11:50:06.209:990) : avc: denied { read write } for pid=9138 comm=locate path=anon_inode:[io_uring] dev="anon_inodefs" ino=61622 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:io_uring_t:s0 tclass=anon_inode permissive=1
type=AVC msg=audit(02/05/2024 11:50:06.209:990) : avc: denied { map } for pid=9138 comm=locate path=anon_inode:[io_uring] dev="anon_inodefs" ino=61622 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:io_uring_t:s0 tclass=anon_inode permissive=1
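As an added example, not code from this PR or from the selinux-policy repository: the POSIX shell function below derives the allow rule from the AVC records quoted above, merging permissions per (source type, target type, class) the way audit2allow does; the records are copied from this page as constructed input and the function names are my own. The `create` permission named in the PR title does not appear in the quoted denials, so it is not derived here.

```shell
#!/bin/sh
# Constructed input: the four audit records quoted in this PR, one per line
# (copied from the page, not read from a live audit log).
AUDIT_RECORDS='type=PROCTITLE msg=audit(02/05/2024 11:50:06.209:990) : proctitle=locate -b \socket:[55759]
type=SYSCALL msg=audit(02/05/2024 11:50:06.209:990) : arch=x86_64 syscall=mmap success=yes exit=140140076916736 a0=0x0 a1=0x2440 a2=PROT_READ|PROT_WRITE a3=MAP_SHARED|MAP_POPULATE items=0 ppid=9028 pid=9138 auid=unset uid=setroubleshoot gid=setroubleshoot euid=setroubleshoot suid=setroubleshoot fsuid=setroubleshoot egid=setroubleshoot sgid=plocate fsgid=setroubleshoot tty=(none) ses=unset comm=locate exe=/usr/bin/plocate subj=system_u:system_r:setroubleshootd_t:s0 key=(null)
type=AVC msg=audit(02/05/2024 11:50:06.209:990) : avc: denied { read write } for pid=9138 comm=locate path=anon_inode:[io_uring] dev="anon_inodefs" ino=61622 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:io_uring_t:s0 tclass=anon_inode permissive=1
type=AVC msg=audit(02/05/2024 11:50:06.209:990) : avc: denied { map } for pid=9138 comm=locate path=anon_inode:[io_uring] dev="anon_inodefs" ino=61622 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:io_uring_t:s0 tclass=anon_inode permissive=1'

# avc_to_allow (hypothetical helper): read audit records on stdin, ignore
# everything that is not an AVC denial, and print one allow rule per
# (source type, target type, class), merging the permissions of all matching
# records. Types are the third colon-separated component of scontext=/tcontext=.
avc_to_allow() {
    awk '/avc: +denied/ {
        perms = $0
        sub(/.*denied [{] */, "", perms); sub(/ *[}].*/, "", perms)
        src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), b, ":"); tgt = b[3] }
            if ($i ~ /^tclass=/)     cls = substr($i, 8)
        }
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++) print src, tgt ":" cls, p[j]
    }' | sort -u | awk '
    ($1 " " $2) != key {
        if (key != "") print "allow " key " { " acc " };"
        key = $1 " " $2; acc = $3; next
    }
    { acc = acc " " $3 }
    END { if (key != "") print "allow " key " { " acc " };" }'
}

# Rule derived from the records above, wrapped in a function so it can be checked.
derived_rules() {
    printf '%s\n' "$AUDIT_RECORDS" | avc_to_allow
}

derived_rules
```

The output is the rule a local module would need for the two denials; compare it against what the installed policy already grants with `sesearch -A -s setroubleshootd_t -t io_uring_t -c anon_inode` before adding anything.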