C9s 20250730 build #2800

Merged
merged 6 commits into from
Jul 30, 2025
Conversation

zpytela
Contributor

@zpytela zpytela commented Jul 30, 2025

No description provided.

zpytela added 6 commits July 30, 2025 17:13
The commit addresses the following AVC denial:
type=PROCTITLE msg=audit(07/25/2025 08:26:55.169:498) : proctitle=sh -c exec /usr/libexec/irqbalance/irq_policy.sh /sys 12
type=PATH msg=audit(07/25/2025 08:26:55.169:498) : item=0 name=/var/lib/sss/pipes/nss nametype=UNKNOWN cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=SOCKADDR msg=audit(07/25/2025 08:26:55.169:498) : saddr={ saddr_fam=local path=/var/lib/sss/pipes/nss }
type=SYSCALL msg=audit(07/25/2025 08:26:55.169:498) : arch=x86_64 syscall=connect success=no exit=EACCES(Permission denied) a0=0x3 a1=0x7ffc248205f0 a2=0x6e a3=0x100 items=1 ppid=7934 pid=7993 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=sh exe=/usr/bin/bash subj=system_u:system_r:irqbalance_t:s0 key=(null)
type=AVC msg=audit(07/25/2025 08:26:55.169:498) : avc:  denied  { search } for  pid=7993 comm=sh name=sss dev="vda2" ino=1105030 scontext=system_u:system_r:irqbalance_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0

Resolves: RHEL-1556

The commit addresses the following AVC denial:
type=PROCTITLE msg=audit(07/30/2025 08:37:27.908:577) : proctitle=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B
type=PATH msg=audit(07/30/2025 08:37:27.908:577) : item=0 name=/tmp/wpa_ctrl_51140-1 inode=741016 dev=fd:01 mode=socket,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:tmp_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=SOCKADDR msg=audit(07/30/2025 08:37:27.908:577) : saddr={ saddr_fam=local path=/tmp/wpa_ctrl_51140-1 }
type=SYSCALL msg=audit(07/30/2025 08:37:27.908:577) : arch=x86_64 syscall=sendto success=no exit=EACCES(Permission denied) a0=0xb a1=0x55d5dc575d00 a2=0x5 a3=0x0 items=1 ppid=1 pid=49912 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=hostapd exe=/usr/sbin/hostapd subj=system_u:system_r:hostapd_t:s0 key=(null)
type=AVC msg=audit(07/30/2025 08:37:27.908:577) : avc:  denied  { write } for  pid=49912 comm=hostapd name=wpa_ctrl_51140-1 dev="vda1" ino=741016 scontext=system_u:system_r:hostapd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file permissive=0

Resolves: RHEL-59683

Triggered when power-profiles-daemon attempts to set the performance
profile, e.g. when a game is launched.

The commit addresses the following AVC denial:
type=AVC msg=audit(1735563341.961:181): avc:  denied  { write } for  pid=2897 comm="power-profiles-" name="energy_performance_preference" dev="sysfs" ino=23260 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1

Resolves: RHEL-100718

The commit addresses the following AVC denial:
type=AVC msg=audit(1742596982.867:681): avc:  denied  { watch } for  pid=8624 comm="power-profiles-" path="/sys/devices/system/cpu/intel_pstate" dev="sysfs" ino=20695 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=1

Resolves: RHEL-100718

strace snippet shows the following code path:
436 DEBUG(3, ("chat_with_program: Child failed to change password: %s\n", pass->pw_name));
437 kill(pid, SIGKILL); /* be sure to end this process */

Note this permission is now allowed only when the
samba_domain_controller tunable is on.

The commit addresses the following AVC denial:
type=PROCTITLE msg=audit(05/30/2025 20:38:26.556:3188) : proctitle=/usr/libexec/samba/rpcd_lsad --configfile=/etc/samba/smb.conf --worker-group=2 --worker-index=0 --debuglevel=0
type=OBJ_PID msg=audit(05/30/2025 20:38:26.556:3188) : opid=239220 oauid=unset ouid=root oses=-1 obj=system_u:system_r:passwd_t:s0 ocomm=passwd
type=SYSCALL msg=audit(05/30/2025 20:38:26.556:3188) : arch=ppc64le syscall=kill success=no exit=EACCES(Permission denied) a0=0x3a674 a1=SIGKILL a2=0x125751 a3=0x125674ef1 items=0 ppid=239206 pid=239216 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rpcd_lsad exe=/usr/libexec/samba/rpcd_lsad subj=system_u:system_r:winbind_rpcd_t:s0 key=(null)
type=AVC msg=audit(05/30/2025 20:38:26.556:3188) : avc:  denied  { sigkill } for  pid=239216 comm=rpcd_lsad scontext=system_u:system_r:winbind_rpcd_t:s0 tcontext=system_u:system_r:passwd_t:s0 tclass=process permissive=0

Resolves: RHEL-100032
@zpytela zpytela merged commit e0a45e7 into fedora-selinux:c9s Jul 30, 2025
0 of 2 checks passed
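
Added example, not part of the pull request or the selinux-policy code: a small triage parser for the AVC records quoted in the commit messages above. It handles both the interpreted (`ausearch -i` style) and raw timestamp forms, groups denials by source type, target type and class, and flags whether each was actually blocked (`permissive=0`) or only logged. The function names `parse_avc` and `summarize` are hypothetical; the sample lines are copied from this page.

```python
import re
from collections import defaultdict

# AVC records copied from the commit messages above (interpreted and raw formats).
SAMPLE = """\
type=AVC msg=audit(07/25/2025 08:26:55.169:498) : avc:  denied  { search } for  pid=7993 comm=sh name=sss dev="vda2" ino=1105030 scontext=system_u:system_r:irqbalance_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1735563341.961:181): avc:  denied  { write } for  pid=2897 comm="power-profiles-" name="energy_performance_preference" dev="sysfs" ino=23260 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1742596982.867:681): avc:  denied  { watch } for  pid=8624 comm="power-profiles-" path="/sys/devices/system/cpu/intel_pstate" dev="sysfs" ino=20695 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=1
type=AVC msg=audit(05/30/2025 20:38:26.556:3188) : avc:  denied  { sigkill } for  pid=239216 comm=rpcd_lsad scontext=system_u:system_r:winbind_rpcd_t:s0 tcontext=system_u:system_r:passwd_t:s0 tclass=process permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # values may or may not be quoted

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    try:
        # A context is user:role:type:level; the type is the third field.
        stype = fields["scontext"].split(":")[2]
        ttype = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return {
        "perms": set(m.group("perms").split()),
        "source": stype, "target": ttype, "tclass": tclass,
        "comm": fields.get("comm"),
        # permissive=1 means the access was logged but not blocked.
        "enforced": fields.get("permissive") == "0",
    }

def summarize(text):
    """Group denials by (source type, target type, class) and merge permissions."""
    groups = defaultdict(lambda: {"perms": set(), "enforced": False})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            g = groups[(rec["source"], rec["target"], rec["tclass"])]
            g["perms"] |= rec["perms"]
            g["enforced"] |= rec["enforced"]
    return dict(groups)

if __name__ == "__main__":
    for key, g in sorted(summarize(SAMPLE).items()):
        print(key, sorted(g["perms"]), "blocked" if g["enforced"] else "permissive only")
```

The grouping only shows which access was requested; which policy interface or tunable should grant it (as with `samba_domain_controller` above) remains a review decision.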