Closed zpytela closed 4 days ago
The systemd_nsresourced_prog_run_bpf() interface was added.

The commit addresses the following AVC denial:
type=PROCTITLE msg=audit(06/19/2024 21:19:30.819:6470) : proctitle=perf record -o /dev/null echo test
type=SYSCALL msg=audit(06/19/2024 21:19:30.819:6470) : arch=x86_64 syscall=bpf success=no exit=EACCES(Permission denied) a0=BPF_PROG_GET_FD_BY_ID a1=0x7ffc7b65dd10 a2=0xc a3=0x30 items=0 ppid=170615 pid=170616 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts2 ses=121 comm=perf exe=/usr/bin/perf subj=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(06/19/2024 21:19:30.819:6470) : avc: denied { prog_run } for pid=170616 comm=perf scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_nsresourced_t:s0 tclass=bpf permissive=0
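As an added example (not code from the pull request or from the selinux-policy project), the following sketch parses the AVC record quoted in the commit message and derives the type-enforcement rule the denial corresponds to. The function names and the embedded sample string are assumptions made for illustration; the body of the interface the commit adds is not shown on this page.

```python
import re

# Constructed sample: the AVC record quoted in the commit message above.
SAMPLE_AVC = (
    "type=AVC msg=audit(06/19/2024 21:19:30.819:6470) : avc: denied "
    "{ prog_run } for pid=170616 comm=perf "
    "scontext=sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 "
    "tcontext=system_u:system_r:systemd_nsresourced_t:s0 "
    "tclass=bpf permissive=0"
)

# Permission set, source context, target context and object class of a denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field (third) of user:role:type:level[:categories]."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]

def parse_avc(line):
    """Parse one audit line; return None if it is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    return {
        "source": context_type(m["scontext"]),
        "target": context_type(m["tcontext"]),
        "tclass": m["tclass"],
        "perms": sorted(m["perms"].split()),
        "permissive": "permissive=1" in line,
    }

def allow_rule(denial):
    """Render the allow rule implied by a parsed denial (hypothetical helper)."""
    perms = denial["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {denial['source']} {denial['target']}:{denial['tclass']} {perm_str};"

if __name__ == "__main__":
    print(allow_rule(parse_avc(SAMPLE_AVC)))
```

The derived rule names the two types and the `bpf` class permission involved in the denial; the commit exposes that permission through the systemd_nsresourced_prog_run_bpf() interface.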