rhsmcertd-worker AVC accessing /usr/sbin/kpatch

Solution Verified - Updated -

Issue

  • After upgrading to RHEL 8.3, Access Vector Cache (AVC) denials are logged for rhsmcertd-worker:

    type=SYSCALL msg=audit(1604431296.300:1172): arch=c000003e syscall=4 success=no exit=-13
    items=0 ppid=1350 pid=15881 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=###
    comm="rhsmcertd-worke" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
    type=AVC msg=audit(1604431296.300:1172): avc:  denied  { getattr } for  pid=15881 comm="rhsmcertd-worke" path="/usr/sbin/kpatch"
    dev="dm-0" ino=1337388 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:kpatch_exec_t:s0 tclass=file permissive=0
    
  • SELinux is preventing rhsmcertd-worker, which runs under python3.6, from getattr and execute access on the /usr/sbin/kpatch file.

  • After upgrading to subscription-manager-1.27.18-1.el8_3, Access Vector Cache (AVC) denials are logged for rhsmcertd-worker:

    type=SYSCALL msg=audit(1613560762.896:7143): arch=c000003e syscall=49 success=no exit=-13
    a0=7 a1=7fff2b035c50 a2=1c a3=31 items=0 ppid=1273 pid=42572 auid=4294967295
    uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
    comm="rhsmcertd-worke" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
    --
    type=AVC msg=audit(1613560762.896:7143): avc:  denied  { node_bind } for
    pid=42572 comm="rhsmcertd-worke" saddr=::1 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=tcp_socket permissive=0
    

Environment

  • Red Hat Enterprise Linux (RHEL) 8.3
  • subscription-manager-1.27.16-1.el8
  • subscription-manager-1.27.18-1.el8_3
