Closed zpytela closed 2 months ago
@zpytela Ah nice, tests work again -- https://issues.redhat.com/browse/TFT-2555 got fixed, they previously ran a very old compose. Nice! :100:
@zpytela Ah nice, tests work again -- https://issues.redhat.com/browse/TFT-2555 got fixed, they previously ran a very old compose. Nice! 💯
Thanks for the info, I appreciate the tests are green now.
The commit addresses the following AVC denial: type=PROCTITLE msg=audit(04/29/2024 06:24:29.406:1290) : proctitle=mkdir -p /run/systemd/generator.early selinux-autorelabel.service.d type=PATH msg=audit(04/29/2024 06:24:29.406:1290) : item=1 name=generator.early nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 type=PATH msg=audit(04/29/2024 06:24:29.406:1290) : item=0 name=/run/systemd inode=2 dev=00:1b mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:init_var_run_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 type=SYSCALL msg=audit(04/29/2024 06:24:29.406:1290) : arch=x86_64 syscall=mkdir success=no exit=EACCES(Permission denied) a0=0x7fffd60f0e59 a1=0777 a2=0x7fffd60ef2b0 a3=0x555587e0c274 items=2 ppid=57153 pid=57171 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=mkdir exe=/usr/bin/mkdir subj=system_u:system_r:selinux_autorelabel_generator_t:s0 key=(null) type=AVC msg=audit(04/29/2024 06:24:29.406:1290) : avc: denied { write } for pid=57171 comm=mkdir name=systemd dev="tmpfs" ino=2 scontext=system_u:system_r:selinux_autorelabel_generator_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=dir permissive=0