"avc: denied { open }" on /var/log/insights-client/insights-client.log for command "chronyc" when executing insights-client
Issue
- When executing insights-client on systems that have Sophos Anti-Virus (sav-protect.service) installed, the following AVC is seen:

    type=AVC msg=audit(...): avc: denied { open } for pid=XXX comm="chronyc" path="/var/log/insights-client/insights-client.log" ... scontext=system_u:system_r:chronyc_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0

- The following messages are seen in the journal at the time the AVC is displayed:

    kernel: [...] talpa-vetting: [intercepted XXX-PID-PID] Open failed (-13), will have no stream
    kernel: [...] talpa-deny: Error occurred while closing /var/log/insights-client/insights-client.log on behalf of process chronyc[PID/PID] owned by 0(0)/0(0) <60>
    kernel: [...] talpa-vetting: [intercepted XXX-PID-PID] Open failed (-13), will have no stream
    kernel: [...] talpa-deny: Error occurred while closing /var/log/insights-client/insights-client.log on behalf of process chronyc[PID/PID] owned by 0(0)/0(0) <60>
    kernel: [...] talpa-vetting: [intercepted XXX-PID-PID] Open failed (-13), will have no stream
    kernel: [...] talpa-deny: Error occurred while closing /var/log/insights-client/insights-client.log on behalf of process chronyc[PID/PID] owned by 0(0)/0(0) <60>
    savd: Error detected: 0x3c: Unable to write to talpa socket in /var/log/insights-client/insights-client.log
    savd: Error detected: 0x3c: Unable to write to talpa socket in /var/log/insights-client/insights-client.log
    savd: Error detected: 0x3c: Unable to write to talpa socket in /var/log/insights-client/insights-client.log

Environment
- Red Hat Enterprise Linux 7 and later
- Sophos Anti-Virus
- insights-client
- chronyc