Bug ID: 1228402
Summary: [SELinux] need policy for status-mail-gen and ibft-rule-gener systemd generators
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: cathy.hu@suse.com
Reporter: cathy.hu@suse.com
QA Contact: security-team@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

SLFO:Main and also maybe factory

install Alpha3 + install merge -> systemctl daemon-reload


----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.336:121): avc:  denied  { execute } for  pid=1815
comm="status-mail-gen" path="/usr/bin/bash" dev="vda3" ino=1331
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.336:122): avc:  denied  { read } for  pid=1815
comm="status-mail-gen" name="passwd" dev="overlay" ino=982
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.336:123): avc:  denied  { open } for  pid=1815
comm="status-mail-gen" path="/etc/passwd" dev="overlay" ino=982
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.336:124): avc:  denied  { getattr } for  pid=1815
comm="status-mail-gen" path="/etc/passwd" dev="overlay" ino=982
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.348:125): avc:  denied  { execute } for  pid=1810
comm="ibft-rule-gener" path="/usr/bin/bash" dev="vda3" ino=1331
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.348:126): avc:  denied  { search } for  pid=1810
comm="ibft-rule-gener" name="udev" dev="tmpfs" ino=62
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.348:127): avc:  denied  { getattr } for  pid=1810
comm="ibft-rule-gener" path="/run/udev/rules.d" dev="tmpfs" ino=691
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.348:128): avc:  denied  { execute } for  pid=1810
comm="ibft-rule-gener" name="rm" dev="vda3" ino=1977
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.352:129): avc:  denied  { execute_no_trans } for 
pid=1832 comm="ibft-rule-gener" path="/usr/bin/rm" dev="vda3" ino=1977
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
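
Added example, not part of the bug report or of the openSUSE policy: a small parser that groups the AVC denials above by generator (`comm`), target type and class, so the access each generator needs is visible at a glance. The function names are this example's own, and the `allow` lines it prints only summarise what was denied.

```python
import re
from collections import defaultdict
# Three records copied from the report above (ausearch output, mail-wrapped).
SAMPLE = """\
----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.336:122): avc:  denied  { read } for  pid=1815
comm="status-mail-gen" name="passwd" dev="overlay" ino=982
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.336:123): avc:  denied  { open } for  pid=1815
comm="status-mail-gen" path="/etc/passwd" dev="overlay" ino=982
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Mon Jul 29 10:57:52 2024
type=AVC msg=audit(1722243472.352:129): avc:  denied  { execute_no_trans } for
pid=1832 comm="ibft-rule-gener" path="/usr/bin/rm" dev="vda3" ino=1977
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Yield one dict per AVC denial; records are separated by '----' lines."""
    for chunk in re.split(r'^----\s*$', text, flags=re.M):
        record = " ".join(chunk.split())  # undo the line wrapping inside a record
        m = AVC_RE.search(record)
        if m:
            fields = {k: v.strip('"') for k, v in FIELD_RE.findall(record[m.end():])}
            fields["perms"] = m.group("perms").split()
            yield fields

def summarize(text):
    """Map comm -> {(source_type, target_type, tclass): sorted permissions}."""
    out = defaultdict(lambda: defaultdict(set))
    for r in parse_avc(text):
        key = (r["scontext"].split(":")[2], r["tcontext"].split(":")[2], r["tclass"])
        out[r["comm"]][key].update(r["perms"])
    return {c: {k: sorted(p) for k, p in v.items()} for c, v in out.items()}

if __name__ == "__main__":
    for comm, rules in summarize(SAMPLE).items():
        for (src, tgt, cls), perms in rules.items():
            print(f"{comm}: allow {src} {tgt}:{cls} {{ {' '.join(perms)} }};")
```

On a live system the same record format comes from `ausearch -m avc`, and `audit2allow` remains the tool for turning denials into policy modules.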

