Closed zpytela closed 6 hours ago
This permission is required for ip-vrf to be able to set security context using setexecfilecon(3).
The commit addresses the following AVC denial: type=PROCTITLE msg=audit(06/14/2024 05:11:03.557:807) : proctitle=/usr/sbin/ip vrf exec vrf1 /usr/bin/sleep 3600 type=SYSCALL msg=audit(06/14/2024 05:11:03.557:807) : arch=x86_64 syscall=write success=yes exit=32 a0=0x4 a1=0x55cb385f46e0 a2=0x20 a3=0x55cb385f4010 items=0 ppid=1 pid=19201 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ip exe=/usr/sbin/ip subj=system_u:system_r:ifconfig_t:s0 key=(null) type=AVC msg=audit(06/14/2024 05:11:03.557:807) : avc: denied { setexec } for pid=19201 comm=ip scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=process permissive=1
Resolves: rhbz#41182
This permission is required for ip-vrf to be able to set security context using setexecfilecon(3).
The commit addresses the following AVC denial: type=PROCTITLE msg=audit(06/14/2024 05:11:03.557:807) : proctitle=/usr/sbin/ip vrf exec vrf1 /usr/bin/sleep 3600 type=SYSCALL msg=audit(06/14/2024 05:11:03.557:807) : arch=x86_64 syscall=write success=yes exit=32 a0=0x4 a1=0x55cb385f46e0 a2=0x20 a3=0x55cb385f4010 items=0 ppid=1 pid=19201 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ip exe=/usr/sbin/ip subj=system_u:system_r:ifconfig_t:s0 key=(null) type=AVC msg=audit(06/14/2024 05:11:03.557:807) : avc: denied { setexec } for pid=19201 comm=ip scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=process permissive=1
Resolves: rhbz#41182