Project

General

Profile

Bug #13015

Passenger AVC under Ruby 2.2 with tcp_socket and diagnostic_con...

Added by Dominic Cleal almost 6 years ago. Updated almost 6 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
General Foreman
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

The following AVC is throw under EL7 (at least) in the nightly repos containing rebuilds of Foreman on Ruby 2.2 etc (#7228).

type=AVC msg=audit(1452084104.098:936): avc:  denied  { accept } for  pid=8423 comm="diagnostic_con*" laddr=127.0.0.1 lport=41301 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1452084104.098:936): arch=c000003e syscall=288 success=no exit=-13 a0=a a1=7fe57f78d2f0 a2=7fe57f78d2ec a3=80000 items=0 ppid=6132 pid=8423 auid=4294967295 uid=996 gid=994 euid=996 suid=996 fsuid=996 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="diagnostic_con*" exe="/opt/rh/rh-ruby22/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)

The Passenger version is unchanged, and contexts appear to be correct.


Related issues

Related to Packaging - Feature #7228: Rebuild packages under ror41/ruby22 SCLsClosed2014-08-22

History

#1 Updated by Dominic Cleal almost 6 years ago

  • Related to Feature #7228: Rebuild packages under ror41/ruby22 SCLs added

#2 Updated by Dominic Cleal almost 6 years ago

  • Status changed from New to Rejected
  • Legacy Backlogs Release (now unused) deleted (71)

Unsure if this is reproducible, will leave it closed in case it pops up again in systests.

The currently loaded policy according to both sesearch and audit2allow showed that this AVC shouldn't happen.

Also available in: Atom PDF