rhsmcertd worker regularly generates "sys_admin" AVC
Issue
- The following AVCs are regularly seen in the audit log:

      type=PROCTITLE msg=audit(07/10/2023 16:16:25.141:28612) : proctitle=/usr/libexec/platform-python /usr/libexec/rhsmcertd-worker
      type=SYSCALL msg=audit(07/10/2023 16:16:25.141:28612) : arch=x86_64 syscall=flistxattr success=yes exit=17 a0=0xb a1=0x0 a2=0x0 a3=0x55abcbafc3c0 items=0 ppid=3461560 pid=3462381 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rhsmcertd-worke exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
      type=AVC msg=audit(07/10/2023 16:16:25.141:28612) : avc: denied { sys_admin } for pid=3462381 comm=rhsmcertd-worke capability=sys_admin scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:system_r:rhsmcertd_t:s0 tclass=capability permissive=0
      ----
      type=PROCTITLE msg=audit(07/10/2023 16:16:25.142:28613) : proctitle=/usr/libexec/platform-python /usr/libexec/rhsmcertd-worker
      type=SYSCALL msg=audit(07/10/2023 16:16:25.142:28613) : arch=x86_64 syscall=flistxattr success=yes exit=17 a0=0xb a1=0x55abcb885360 a2=0x11 a3=0x55abcbafc3c0 items=0 ppid=3461560 pid=3462381 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rhsmcertd-worke exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
      type=AVC msg=audit(07/10/2023 16:16:25.142:28613) : avc: denied { sys_admin } for pid=3462381 comm=rhsmcertd-worke capability=sys_admin scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:system_r:rhsmcertd_t:s0 tclass=capability permissive=0
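For triage, each AVC denial can be joined to the SYSCALL record that shares its audit event ID, which shows which system call triggered the capability check and whether that call still succeeded. The following is an added example, not part of the original article or of any Red Hat tooling; the function names and the trimmed sample input are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the two events from the log above (`ausearch -i` style),
# trimmed to the fields this parser reads.
SAMPLE = """\
type=SYSCALL msg=audit(07/10/2023 16:16:25.141:28612) : arch=x86_64 syscall=flistxattr success=yes exit=17 pid=3462381 comm=rhsmcertd-worke
type=AVC msg=audit(07/10/2023 16:16:25.141:28612) : avc: denied { sys_admin } for pid=3462381 comm=rhsmcertd-worke capability=sys_admin scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:system_r:rhsmcertd_t:s0 tclass=capability permissive=0
----
type=SYSCALL msg=audit(07/10/2023 16:16:25.142:28613) : arch=x86_64 syscall=flistxattr success=yes exit=17 pid=3462381 comm=rhsmcertd-worke
type=AVC msg=audit(07/10/2023 16:16:25.142:28613) : avc: denied { sys_admin } for pid=3462381 comm=rhsmcertd-worke capability=sys_admin scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:system_r:rhsmcertd_t:s0 tclass=capability permissive=0
"""

RECORD = re.compile(r"type=(\w+) msg=audit\(([^)]*):(\d+)\) : (.*)")
DENIAL = re.compile(r"avc:\s+denied\s+\{ ([^}]+) \} for .*?scontext=(\S+) "
                    r"tcontext=(\S+) tclass=(\S+) permissive=(\d)")

def correlate_denials(text):
    """Return one dict per AVC denial, joined to the SYSCALL record that
    shares its audit event ID (timestamp plus serial number)."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:  # separator lines ("----") and blank lines are skipped
            rtype, stamp, serial, body = m.groups()
            events[(stamp, serial)][rtype].append(body)
    findings = []
    for (stamp, serial), recs in events.items():
        # The SYSCALL body is a run of space-separated key=value pairs.
        sc = dict(kv.split("=", 1) for kv in " ".join(recs["SYSCALL"]).split() if "=" in kv)
        for avc in recs["AVC"]:
            d = DENIAL.search(avc)
            if not d:
                continue
            perms, scontext, tcontext, tclass, permissive = d.groups()
            findings.append({
                "event": serial, "perms": perms.split(), "tclass": tclass,
                "domain": scontext.split(":")[2], "enforcing": permissive == "0",
                "syscall": sc.get("syscall"), "syscall_ok": sc.get("success") == "yes",
            })
    return findings

def summarize(findings):
    """Count denials per (domain, class, permission, syscall) to spot recurring ones."""
    return Counter((f["domain"], f["tclass"], p, f["syscall"])
                   for f in findings for p in f["perms"])

if __name__ == "__main__":
    for key, n in summarize(correlate_denials(SAMPLE)).items():
        print(n, *key)
```

On the two events shown above, both denials pair with a `flistxattr` call that reports `success=yes`.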
Environment
- Red Hat Enterprise Linux 8
- subscription-manager