Closed zpytela closed 1 month ago
Cockpit tests failed for commit 3bdc61b6ff9e06bfe4e0475bcbc64bdc1fe6acb2. @martinpitt, @jelly, @mvollmer please check.
Cockpit tests failed for commit a9a0e6dcf8fea0dee7024d6f8e620921519b1d86. @martinpitt, @jelly, @mvollmer please check.
The rawhide test failed because TestLogin.testSELinuxRestrictedUser caused this SELinux rejection:
type=AVC msg=audit(04/04/2024 20:19:05.912:415) : avc: denied { create } for pid=1 comm=systemd scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=netlink_netfilter_socket permissive=0
However, that is totally coincidental -- that test doesn't actively fiddle with pid 1 and firewall, it's probably background activity that just happened at that time. The previous run has the same failure but in TestLogin.testPamAccess
.
The journal doesn't have much activity around that message though.
The rawhide test failed because TestLogin.testSELinuxRestrictedUser caused this SELinux rejection:
type=AVC msg=audit(04/04/2024 20:19:05.912:415) : avc: denied { create } for pid=1 comm=systemd scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=netlink_netfilter_socket permissive=0
However, that is totally coincidental -- that test doesn't actively fiddle with pid 1 and firewall, it's probably background activity that just happened at that time. The previous run has the same failure but in
TestLogin.testPamAccess
.The journal doesn't have much activity around that message though.
That's funny as this permission has actually been allowed since 4 months ago.
The commit addresses the following AVC denial and subsequently raised ones: type=PROCTITLE msg=audit(03/12/2024 00:43:15.243:1724) : proctitle=/usr/libexec/fdo/fdo-rendezvous-server type=SYSCALL msg=audit(03/12/2024 00:43:15.243:1724) : arch=x86_64 syscall=connect success=no exit=EINPROGRESS(Operation now in progress) a0=0xa a1=0x7f3bd0009e60 a2=0x10 a3=0x7f3be1d9b100 items=0 ppid=1 pid=24579 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=r2d2-worker-0 exe=/usr/libexec/fdo/fdo-rendezvous-server subj=system_u:system_r:fdo_t:s0 key=(null) type=AVC msg=audit(03/12/2024 00:43:15.243:1724) : avc: denied { name_connect } for pid=24579 comm=r2d2-worker-0 dest=5432 scontext=system_u:system_r:fdo_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1