https://bugzilla.suse.com/show_bug.cgi?id=1230011

Bug ID: 1230011
Summary: [SELinux] systemd ibft rule generator denials in sl micro 6.1
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: cathy.hu@suse.com
QA Contact: security-team@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

sl micro 6.1 e.g. https://openqa.suse.de/tests/15296630#step/health_check/29

avc: denied { write } for pid=1851 comm="mkdir" name="udev" dev="tmpfs" ino=70 scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=1851 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { create } for pid=1851 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { write } for pid=693 comm="mkdir" name="udev" dev="tmpfs" ino=58 scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=693 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { create } for pid=693 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { write } for pid=679 comm="mkdir" name="udev" dev="tmpfs" ino=58 scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=679 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { create } for pid=679 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1

Overall unique AVCs:

sle-micro/6.1
avc: denied { add_name } comm="mkdir" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { create } comm="mkdir" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { write } comm="mkdir" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1