Bug ID: 1226824
Summary: [SELinux] growpart-generator AVC denials
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mcepl@suse.com
QA Contact: qa-bugs@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

mitmanek:~ # ausearch -m AVC -ts boot
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.392:27): avc:  denied  { execute } for  pid=1227
comm="growpart-genera" path="/usr/bin/bash" dev="nvme0n1p3" ino=124016
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.395:28): avc:  denied  { read } for  pid=1227
comm="growpart-genera" name="passwd" dev="overlay" ino=726
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.395:29): avc:  denied  { open } for  pid=1227
comm="growpart-genera" path="/etc/passwd" dev="overlay" ino=726
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.395:30): avc:  denied  { getattr } for  pid=1227
comm="growpart-genera" path="/etc/passwd" dev="overlay" ino=726
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.395:31): avc:  denied  { execute } for  pid=1240
comm="growpart-genera" name="findmnt" dev="nvme0n1p3" ino=229659
scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.395:32): avc:  denied  { execute_no_trans } for 
pid=1240 comm="growpart-genera" path="/usr/bin/findmnt" dev="nvme0n1p3"
ino=229659 scontext=system_u:system_r:systemd_generic_generator_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1
----
time->Sun Jun 23 01:51:49 2024
type=AVC msg=audit(1719100309.399:33): avc:  denied  { getattr } for  pid=1239
comm="systemd-fstab-g" path="/.snapshots" dev="nvme0n1p3" ino=256
scontext=system_u:system_r:systemd_fstab_generator_t:s0
tcontext=system_u:object_r:snapperd_data_t:s0 tclass=dir permissive=1
----
time->Sun Jun 23 02:01:49 2024
type=AVC msg=audit(1719100909.876:105): avc:  denied  { unlink } for  pid=1793
comm="bootctl" name="bfb41e21a4f34f10958f75adb1378666-6.9.3-1-default-114.conf"
dev="nvme0n1p2" ino=46 scontext=system_u:system_r:snapperd_t:s0
tcontext=system_u:object_r:dosfs_t:s0 tclass=file permissive=1
mitmanek:~ # rpm -q selinux-policy
selinux-policy-20240617-1.1.noarch
mitmanek:~ # 

This is on MicroOS with the latest Tumbleweed packages as of 2024-06-23.

