On Sat, Oct 15, 2022 at 6:55 PM Peter Boy <pboy@xxxxxxxxxxxxx> wrote:
When creating a new VM on Fedora Server I get 2 AVCs, which I didn’t noticed in F36:
SELinux is preventing virtlogd from using the execmem access on a process.
type=AVC msg=audit(1665815361.392:451): avc: denied { execmem } for pid=2086 comm="virtlogd" scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tclass=process permissive=0
SELinux is preventing libvirt_leasesh from using the execmem access on a process.
type=AVC msg=audit(1665851006.673:774): avc: denied { execmem } for pid=6252 comm="libvirt_leasesh" scontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 tcontext=system_u:system_r:dnsmasq_t:s0-s0:c0.c1023 tclass=process permissive=0
These execmem access violations were virulent a few years ago, but at least on my F36 servers I haven't seen any of them anymore.
Am I the only one where they are back?
Hello Peter,
There is a bugzilla:
which is being worked on.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
Zdenek Pytela
Security SELinux team
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
