Open cwrx777 opened 5 months ago
k3s: v1.29.4+k3s1 k3s-selinux 1.5
I got this error when trying to run F5 NGINX ingress controller.
type=PROCTITLE msg=audit(1718353401.246:10299006): proctitle=2F7573722F7362696E2F6E67696E78002D76 type=SYSCALL msg=audit(1718353401.246:10299006): arch=c000003e syscall=10 success=no exit=-13 a0=7f248b40a000 a1=4000 a2=1 a3=7f248b261208 items=0 ppid=3968793 pid=3968810 auid=4294967295 uid=101 gid=101 euid=101 suid=101 fsuid=101 egid=101 sgid=101 fsgid=101 tty=(none) ses=4294967295 comm="nginx" exe="/usr/sbin/nginx" subj=system_u:system_r:container_t:s0:c217,c459 key=(null) type=AVC msg=audit(1718353401.246:10299006): avc: denied { read } for pid=3968810 comm="nginx" path="/usr/lib/x86_64-linux-gnu/libc.so.6" dev="dm-10" ino=548935078 scontext=system_u:system_r:container_t:s0:c217,c459 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0
any idea why /usr/lib/x86_64-linux-gnu/libc.so.6 is unlabeled_t ?
/usr/lib/x86_64-linux-gnu/libc.so.6
unlabeled_t
k3s: v1.29.4+k3s1 k3s-selinux 1.5
I got this error when trying to run F5 NGINX ingress controller.
any idea why
/usr/lib/x86_64-linux-gnu/libc.so.6isunlabeled_t?