Bug ID 1230011
Summary [SELinux] systemd ibft rule generator denials in sl micro 6.1
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter cathy.hu@suse.com
QA Contact security-team@suse.de
Target Milestone ---
Found By ---
Blocker ---

sl micro 6.1
e.g. https://openqa.suse.de/tests/15296630#step/health_check/29

avc: denied { write } for pid=1851 comm="mkdir" name="udev" dev="tmpfs" ino=70 scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=1851 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { create } for pid=1851 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { write } for pid=693 comm="mkdir" name="udev" dev="tmpfs" ino=58 scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=693 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { create } for pid=693 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { write } for pid=679 comm="mkdir" name="udev" dev="tmpfs" ino=58 scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { add_name } for pid=679 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
avc: denied { create } for pid=679 comm="mkdir" name="rules.d" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1

Overall unique AVCs:
sle-micro/6.1
        avc: denied { add_name } comm="mkdir" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
        avc: denied { create } comm="mkdir" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1
        avc: denied { write } comm="mkdir" scontext=system_u:system_r:systemd_ibft_rule_generator_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=dir permissive=1

