https://bugzilla.suse.com/show_bug.cgi?id=1231494 https://bugzilla.suse.com/show_bug.cgi?id=1231494#c2 Cathy Hu <cathy.hu@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|security-team@suse.de |jsegitz@suse.com --- Comment #2 from Cathy Hu <cathy.hu@suse.com> --- @Johannes, i think it might have to do with the fix for bsc#1209890, could you have a look? feel free to unassign yourself if you dont have the time ;D my theory is when rsyncd is called by systemd, it transitions into rsync_t and then tries to execute the rsyncd wrapper from bsc#1209890, see: https://gitlab.suse.de/selinux/selinux-policy/-/blob/factory/policy/modules/... https://build.opensuse.org/projects/network/packages/rsync/files/rsyncd?expa... when i run in permissive at least it looks like it: ---- time->Thu Oct 17 18:35:16 2024 type=AVC msg=audit(1729182916.865:1742): avc: denied { execute } for pid=242836 comm="rsyncd" path="/usr/bin/bash" dev="vda3" ino=924322 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1 ---- time->Thu Oct 17 18:35:16 2024 type=AVC msg=audit(1729182916.868:1743): avc: denied { execute } for pid=242836 comm="rsyncd" name="rsync" dev="vda3" ino=924189 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1 ---- time->Thu Oct 17 18:35:16 2024 type=AVC msg=audit(1729182916.868:1744): avc: denied { execute_no_trans } for pid=242836 comm="rsyncd" path="/usr/bin/rsync" dev="vda3" ino=924189 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1 ---- time->Thu Oct 17 18:35:16 2024 type=AVC msg=audit(1729182916.868:1745): avc: denied { open } for pid=242836 comm="rsync" path="/var/log/rsyncd.log" dev="vda3" ino=1181678 scontext=system_u:system_r:rsync_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file permissive=1 -- You are receiving this mail because: You are on the CC list for the bug.