Closed zpytela closed 1 month ago
The commit addresses the following AVC denial: type=PROCTITLE msg=audit(04/24/2024 20:21:11.708:1626) : proctitle=/usr/bin/python3 -Es /usr/sbin/setroubleshootd -f type=PATH msg=audit(04/24/2024 20:21:11.708:1626) : item=0 name=/proc/sys/vm/max_map_count inode=137784 dev=00:14 mode=file,644 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:sysctl_vm_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 type=SYSCALL msg=audit(04/24/2024 20:21:11.708:1626) : arch=x86_64 syscall=newfstatat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f799d8a8ad0 a2=0x7f799d881050 a3=0x0 items=1 ppid=1 pid=65298 auid=unset uid=setroubleshoot gid=setroubleshoot euid=setroubleshoot suid=setroubleshoot fsuid=setroubleshoot egid=setroubleshoot sgid=setroubleshoot fsgid=setroubleshoot tty=(none) ses=unset comm=setroubleshootd exe=/usr/bin/python3.9 subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(04/24/2024 20:21:11.708:1626) : avc: denied { getattr } for pid=65298 comm=setroubleshootd path=/proc/sys/vm/max_map_count dev="proc" ino=137784 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=file permissive=0
Resolves: RHEL-34078
Cockpit tests failed for commit 4fdd2951b0cff0c55dfa7094fcfa5f1f37f12ed5. @martinpitt, @jelly, @mvollmer please check.
The commit addresses the following AVC denial: type=PROCTITLE msg=audit(04/24/2024 20:21:11.708:1626) : proctitle=/usr/bin/python3 -Es /usr/sbin/setroubleshootd -f type=PATH msg=audit(04/24/2024 20:21:11.708:1626) : item=0 name=/proc/sys/vm/max_map_count inode=137784 dev=00:14 mode=file,644 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:sysctl_vm_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 type=SYSCALL msg=audit(04/24/2024 20:21:11.708:1626) : arch=x86_64 syscall=newfstatat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7f799d8a8ad0 a2=0x7f799d881050 a3=0x0 items=1 ppid=1 pid=65298 auid=unset uid=setroubleshoot gid=setroubleshoot euid=setroubleshoot suid=setroubleshoot fsuid=setroubleshoot egid=setroubleshoot sgid=setroubleshoot fsgid=setroubleshoot tty=(none) ses=unset comm=setroubleshootd exe=/usr/bin/python3.9 subj=system_u:system_r:setroubleshootd_t:s0 key=(null) type=AVC msg=audit(04/24/2024 20:21:11.708:1626) : avc: denied { getattr } for pid=65298 comm=setroubleshootd path=/proc/sys/vm/max_map_count dev="proc" ino=137784 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=file permissive=0
Resolves: RHEL-34078