Project

General

Profile

Actions
Copy link

Bug #13015

closed

Passenger AVC under Ruby 2.2 with tcp_socket and diagnostic_con...

Added by Dominic Cleal over 8 years ago. Updated over 8 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
General Foreman
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

The following AVC is throw under EL7 (at least) in the nightly repos containing rebuilds of Foreman on Ruby 2.2 etc (#7228).

type=AVC msg=audit(1452084104.098:936): avc:  denied  { accept } for  pid=8423 comm="diagnostic_con*" laddr=127.0.0.1 lport=41301 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1452084104.098:936): arch=c000003e syscall=288 success=no exit=-13 a0=a a1=7fe57f78d2f0 a2=7fe57f78d2ec a3=80000 items=0 ppid=6132 pid=8423 auid=4294967295 uid=996 gid=994 euid=996 suid=996 fsuid=996 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="diagnostic_con*" exe="/opt/rh/rh-ruby22/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)

The Passenger version is unchanged, and contexts appear to be correct.

Related issues 1 (0 open1 closed)

Related to Packaging - Feature #7228: Rebuild packages under ror41/ruby22 SCLsClosedDominic Cleal08/22/2014Actions
Actions
Copy link

Also available in: Atom PDF