rhsmcertd-worker AVC accessing /usr/sbin/kpatch
Issue
- After upgrading to RHEL 8.3, the following Access Vector Cache (AVC) denial is logged for rhsmcertd-worker:

  type=SYSCALL msg=audit(1604431296.300:1172): arch=c000003e syscall=4 success=no exit=-13 items=0 ppid=1350 pid=15881 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=### comm="rhsmcertd-worke" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
  type=AVC msg=audit(1604431296.300:1172): avc: denied { getattr } for pid=15881 comm="rhsmcertd-worke" path="/usr/sbin/kpatch" dev="dm-0" ino=1337388 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:kpatch_exec_t:s0 tclass=file permissive=0

- SELinux is preventing rhsmcertd-worker, which uses python3.6, from getattr & execute access to the /usr/sbin/kpatch file.
- After upgrading to subscription-manager-1.27.18-1.el8_3, the following AVC denial is logged for rhsmcertd-worker:

  type=SYSCALL msg=audit(1613560762.896:7143): arch=c000003e syscall=49 success=no exit=-13 a0=7 a1=7fff2b035c50 a2=1c a3=31 items=0 ppid=1273 pid=42572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rhsmcertd-worke" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
  --
  type=AVC msg=audit(1613560762.896:7143): avc: denied { node_bind } for pid=42572 comm="rhsmcertd-worke" saddr=::1 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=tcp_socket permissive=0

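
Added example (not part of the Red Hat article): a Python helper that pairs each SYSCALL record with its AVC record by audit event ID and reduces the two denials above to source type, target type, object class and permission. The records are abridged copies of the ones above; the function and variable names and the two-entry syscall table are assumptions of this example.

```python
import errno
import re
from collections import defaultdict

# Abridged copies of the two events shown in this article, one record per line.
SAMPLE = """\
type=SYSCALL msg=audit(1604431296.300:1172): arch=c000003e syscall=4 success=no exit=-13 comm="rhsmcertd-worke" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:rhsmcertd_t:s0
type=AVC msg=audit(1604431296.300:1172): avc: denied { getattr } for pid=15881 comm="rhsmcertd-worke" path="/usr/sbin/kpatch" scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:kpatch_exec_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1613560762.896:7143): arch=c000003e syscall=49 success=no exit=-13 comm="rhsmcertd-worke" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:rhsmcertd_t:s0
type=AVC msg=audit(1613560762.896:7143): avc: denied { node_bind } for pid=42572 comm="rhsmcertd-worke" saddr=::1 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=tcp_socket permissive=0
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+:\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
# Only the two x86_64 (arch=c000003e) syscall numbers that occur in the sample.
X86_64_SYSCALLS = {"4": "stat", "49": "bind"}


def summarize(text):
    """Join SYSCALL and AVC records sharing an audit event ID; one dict per denial."""
    events = defaultdict(dict)
    for line in text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue  # skip separators such as "--" and blank lines
        rtype, event_id = head.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
        perms = PERMS.search(line)
        if perms:
            fields["perms"] = perms.group(1).split()
        events[event_id][rtype] = fields
    out = []
    for event_id, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc or "perms" not in avc:
            continue  # event without a denial record
        out.append({
            "event": event_id,
            "source": avc["scontext"].split(":")[2],   # SELinux type of the process
            "target": avc["tcontext"].split(":")[2],   # SELinux type of the object
            "tclass": avc["tclass"],
            "perms": avc["perms"],
            "object": avc.get("path") or avc.get("saddr"),
            "syscall": X86_64_SYSCALLS.get(sc.get("syscall"), sc.get("syscall")),
            "errno": errno.errorcode.get(-int(sc["exit"])) if "exit" in sc else None,
            "enforced": avc.get("permissive") == "0",
        })
    return out
```

Both results report enforced as True because the records carry permissive=0, so the stat and bind calls failed with EACCES rather than only being logged.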
Environment
- Red Hat Enterprise Linux (RHEL) 8.3
- subscription-manager-1.27.16-1.el8
- subscription-manager-1.27.18-1.el8_3