Bug ID 1205434
Summary SELinux audit messages for irqbalance
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Basesystem
Assignee screening-team-bugs@suse.de
Reporter felix.niederwanger@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

On a Tumbleweed VM with SELinux enabled in permissive mode I noticed the
following messages in the AVC

> ausearch -ts boot -m avc
> ----
> time->Tue Nov 15 11:18:31 2022
> type=PROCTITLE msg=audit(1668507511.960:16): proctitle=2F7573722F7362696E2F69727162616C616E6365002D2D666F726567726F756E64
> type=SYSCALL msg=audit(1668507511.960:16): arch=c000003e syscall=41 success=yes exit=6 a0=10 a1=80003 a2=10 a3=0 items=0 ppid=1 pid=671 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="irqbalance" exe="/usr/sbin/irqbalance" subj=system_u:system_r:irqbalance_t:s0 key=(null)
> type=AVC msg=audit(1668507511.960:16): avc:  denied  { create } for  pid=671 comm="irqbalance" scontext=system_u:system_r:irqbalance_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=netlink_generic_socket permissive=1
> ----
> time->Tue Nov 15 11:18:31 2022
> type=PROCTITLE msg=audit(1668507511.960:17): proctitle=2F7573722F7362696E2F69727162616C616E6365002D2D666F726567726F756E64
> type=SYSCALL msg=audit(1668507511.960:17): arch=c000003e syscall=54 success=yes exit=0 a0=6 a1=1 a2=7 a3=7ffd03969f28 items=0 ppid=1 pid=671 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="irqbalance" exe="/usr/sbin/irqbalance" subj=system_u:system_r:irqbalance_t:s0 key=(null)
> type=AVC msg=audit(1668507511.960:17): avc:  denied  { setopt } for  pid=671 comm="irqbalance" scontext=system_u:system_r:irqbalance_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=netlink_generic_socket permissive=1
> ----
> time->Tue Nov 15 11:18:31 2022
> type=PROCTITLE msg=audit(1668507511.960:18): proctitle=2F7573722F7362696E2F69727162616C616E6365002D2D666F726567726F756E64
> type=SYSCALL msg=audit(1668507511.960:18): arch=c000003e syscall=49 success=yes exit=0 a0=6 a1=55f14ceb6a50 a2=c a3=10 items=0 ppid=1 pid=671 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="irqbalance" exe="/usr/sbin/irqbalance" subj=system_u:system_r:irqbalance_t:s0 key=(null)
> type=AVC msg=audit(1668507511.960:18): avc:  denied  { bind } for  pid=671 comm="irqbalance" scontext=system_u:system_r:irqbalance_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=netlink_generic_socket permissive=1
> ----
> time->Tue Nov 15 11:18:31 2022
> type=PROCTITLE msg=audit(1668507511.960:19): proctitle=2F7573722F7362696E2F69727162616C616E6365002D2D666F726567726F756E64
> type=SOCKADDR msg=audit(1668507511.960:19): saddr=100000009F0200B400000000
> type=SYSCALL msg=audit(1668507511.960:19): arch=c000003e syscall=51 success=yes exit=0 a0=6 a1=7ffd03969f74 a2=7ffd03969f70 a3=10 items=0 ppid=1 pid=671 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="irqbalance" exe="/usr/sbin/irqbalance" subj=system_u:system_r:irqbalance_t:s0 key=(null)
> type=AVC msg=audit(1668507511.960:19): avc:  denied  { getattr } for  pid=671 comm="irqbalance" scontext=system_u:system_r:irqbalance_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=netlink_generic_socket permissive=1

Rebooting into enforced mode work without obvious issues though.

You are receiving this mail because: