Logs filled with "user-runtime-dir@0.service: Control process exited, code=exited status=1"

Solution Verified - Updated -

Issue

  • The system journal shows many instances of the following error message, generated every time a session is opened for root user

    May 15 08:31:16 [...] systemd[1]: user-runtime-dir@0.service: Control process exited, code=exited status=1 
May 15 08:32:16 [...] systemd[1]: user-runtime-dir@0.service: Control process exited, code=exited status=1 
May 15 08:33:16 [...] systemd[1]: user-runtime-dir@0.service: Control process exited, code=exited status=1 
May 15 08:34:16 [...] systemd[1]: user-runtime-dir@0.service: Control process exited, code=exited status=1

  • The audit log shows AVCs related to newfstatat system call and insights_client_tmp_t context

    # ausearch -m avc -i -ts recent
[...]
type=PROCTITLE msg=audit([...]) : proctitle=/usr/lib/systemd/systemd-user-runtime-dir stop 0 
type=PATH msg=audit([...]) : item=0 name=/run/user/0 inode=1268237 dev=00:18 mode=dir,700 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:insights_client_tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0 
type=CWD msg=audit([...]) : cwd=/ 
type=SYSCALL msg=audit([...]) : arch=x86_64 syscall=newfstatat success=no exit=EACCES(Permission denied) a0=AT_FDCWD a1=0x7ffea07613c0 a2=0x7ffea0760f60 a3=0x100 items=1 ppid=1 pid=152391 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=systemd-user-ru exe=/usr/lib/systemd/systemd-user-runtime-dir subj=system_u:system_r:systemd_logind_t:s0 key=(null) 
type=AVC msg=audit([...]) : avc:  denied  { getattr } for  pid=152391 comm=systemd-user-ru path=/run/user/0 dev="tmpfs" ino=1268237 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:insights_client_tmp_t:s0 tclass=dir permissive=0

  • Fixing the SELinux context of folder /run/user/0 fixes the issue for some time but later issue reoccurs

Environment

  • Red Hat Enterprise Linux 8
    • insights-client

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content