rhsmcertd-worker AVC accessing /usr/sbin/kpatch

Solution Verified - Updated -

Issue

  • After upgrading to RHEL 8.3 receiving Access Vector Cache (AVC) from rhsmcertd-worker

    type=SYSCALL msg=audit(1604431296.300:1172): arch=c000003e syscall=4 success=no exit=-13
    items=0 ppid=1350 pid=15881 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=###
    comm="rhsmcertd-worke" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
    type=AVC msg=audit(1604431296.300:1172): avc:  denied  { getattr } for  pid=15881 comm="rhsmcertd-worke" path="/usr/sbin/kpatch"
    dev="dm-0" ino=1337388 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:kpatch_exec_t:s0 tclass=file permissive=0
    
  • SELinux is preventing rhsmcertd-worker which uses python3.6 from getattr & execute access to /usr/sbin/kpatch file.

  • After upgrading to subscription-manager-1.27.18-1.el8_3 receiving Access Vector Cache (AVC) from rhsmcertd-worker

    type=SYSCALL msg=audit(1613560762.896:7143): arch=c000003e syscall=49 success=no exit=-13
    a0=7 a1=7fff2b035c50 a2=1c a3=31 items=0 ppid=1273 pid=42572 auid=4294967295
    uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
    comm="rhsmcertd-worke" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
    --
    type=AVC msg=audit(1613560762.896:7143): avc:  denied  { node_bind } for
    pid=42572 comm="rhsmcertd-worke" saddr=::1 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=tcp_socket permissive=0
    

Environment

  • Red Hat Enterprise Linux (RHEL) 8.3
  • subscription-manager-1.27.16-1.el8
  • subscription-manager-1.27.18-1.el8_3

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content