Actions
Bug #13015
closed
Passenger AVC under Ruby 2.2 with tcp_socket and diagnostic_con...
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
General Foreman
Target version:
-
Description
The following AVC is throw under EL7 (at least) in the nightly repos containing rebuilds of Foreman on Ruby 2.2 etc (#7228).
type=AVC msg=audit(1452084104.098:936): avc: denied { accept } for pid=8423 comm="diagnostic_con*" laddr=127.0.0.1 lport=41301 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1452084104.098:936): arch=c000003e syscall=288 success=no exit=-13 a0=a a1=7fe57f78d2f0 a2=7fe57f78d2ec a3=80000 items=0 ppid=6132 pid=8423 auid=4294967295 uid=996 gid=994 euid=996 suid=996 fsuid=996 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="diagnostic_con*" exe="/opt/rh/rh-ruby22/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
The Passenger version is unchanged, and contexts appear to be correct.
Updated by Dominic Cleal over 8 years ago
- Related to Feature #7228: Rebuild packages under ror41/ruby22 SCLs added
Updated by Dominic Cleal over 8 years ago
- Status changed from New to Rejected
- translation missing: en.field_release deleted (
71)
Unsure if this is reproducible, will leave it closed in case it pops up again in systests.
The currently loaded policy according to both sesearch and audit2allow showed that this AVC shouldn't happen.
Actions