AVC found in the audit log regarding "fapolicyd_t" and "rpm_var_lib_t" SELinux types

Solution Verified - Updated 2021-03-31T06:38:15+00:00 -

Issue

Checking the audit log, we can see an AVC related to fapolicyd service attempting to create a RPM database lock file

type=SYSCALL ... syscall=257 success=no exit=-13 ... ppid=1 pid=PID ... comm="fapolicyd" exe="/usr/sbin/fapolicyd" subj=system_u:system_r:fapolicyd_t:s0 ...
type=AVC ...: avc:  denied  { write } for  pid=PID comm="fapolicyd" name="rpm" ... scontext=system_u:system_r:fapolicyd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir permissive=0

The AVC may also be seen for add_name operation instead of write operation.

fapolicyd service seems functional anyway

Environment

Red Hat Enterprise Linux 8
- fapolicyd
- selinux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

AVC found in the audit log regarding "fapolicyd_t" and "rpm_var_lib_t" SELinux types

Issue

Environment

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?