On 4/8/21 04:57, Remi Malessa wrote:
Thanks for your time Daniel, here's what appears in the audit log when
I run "ls":
type=AVC msg=audit(1617801763.586:47751): avc: denied { read } for pid=280379
comm="ls" name="Validation" dev="cifs" ino=281474976710700
scontext=system_u:system_r:container_t:s0:c100,c420 tcontext=system_u:object_r:cifs_t:s0
tclass=dir permissive=0
type=SYSCALL msg=audit(1617801763.586:47751): arch=c000003e syscall=257 success=no
exit=-13 a0=ffffff9c a1=555e8b326210 a2=90800 a3=0 items=0 ppid=280171 pid=280379
auid=724607387 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1058
comm="ls" exe="/bin/ls"
subj=system_u:system_r:container_t:s0:c100,c420 key=(null)ARCH=x86_64 SYSCALL=openat
AUID="rem" UID="root" GID="root" EUID="root"
SUID="root" FSUID="root" EGID="root" SGID="root"
FSGID="root"
type=PROCTITLE msg=audit(1617801763.586:47751): proctitle=6C73002D6C
type=AVC msg=audit(1617801766.605:47752): avc: denied { net_admin } for pid=280381
comm="dbus-daemon-lau" capability=12
scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=SYSCALL msg=audit(1617801766.605:47752): arch=c000003e syscall=54 success=no exit=-1
a0=5 a1=1 a2=21 a3=7ffdff2d9a50 items=0 ppid=280380 pid=280381 auid=4294967295 uid=81
gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295
comm="dbus-daemon-lau"
exe="/usr/libexec/dbus-1/dbus-daemon-launch-helper"
subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64
SYSCALL=setsockopt AUID="unset" UID="dbus" GID="dbus"
EUID="root" SUID="root" FSUID="root" EGID="dbus"
SGID="dbus" FSGID="dbus"
type=PROCTITLE msg=audit(1617801766.605:47752):
proctitle=2F2F7573722F6C6962657865632F646275732D312F646275732D6461656D6F6E2D6C61756E63682D68656C706572006F72672E6665646F726170726F6A6563742E536574726F75626C6573686F6F7464
type=AVC msg=audit(1617801766.605:47753): avc: denied { net_admin } for pid=280381
comm="dbus-daemon-lau" capability=12
scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=SYSCALL msg=audit(1617801766.605:47753): arch=c000003e syscall=54 success=no exit=-1
a0=5 a1=1 a2=20 a3=7ffdff2d9a50 items=0 ppid=280380 pid=280381 auid=4294967295 uid=81
gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295
comm="dbus-daemon-lau"
exe="/usr/libexec/dbus-1/dbus-daemon-launch-helper"
subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64
SYSCALL=setsockopt AUID="unset" UID="dbus" GID="dbus"
EUID="root" SUID="root" FSUID="root" EGID="dbus"
SGID="dbus" FSGID="dbus"
type=PROCTITLE msg=audit(1617801766.605:47753):
proctitle=2F2F7573722F6C6962657865632F646275732D312F646275732D6461656D6F6E2D6C61756E63682D68656C706572006F72672E6665646F726170726F6A6563742E536574726F75626C6573686F6F7464
type=AVC msg=audit(1617801766.608:47754): avc: denied { noatsecure } for pid=280381
comm="dbus-daemon-lau" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process permissive=0
type=AVC msg=audit(1617801766.608:47754): avc: denied { rlimitinh } for pid=280381
comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process permissive=0
type=AVC msg=audit(1617801766.608:47754): avc: denied { siginh } for pid=280381
comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process permissive=0
type=SYSCALL msg=audit(1617801766.608:47754): arch=c000003e syscall=59 success=yes exit=0
a0=5592801eaad0 a1=5592801eaa20 a2=5592801e88f0 a3=0 items=2 ppid=280380 pid=280381
auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987
tty=(none) ses=4294967295 comm="setroubleshootd"
exe="/usr/libexec/platform-python3.6"
subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64
SYSCALL=execve AUID="unset" UID="setroubleshoot"
GID="setroubleshoot" EUID="setroubleshoot"
SUID="setroubleshoot" FSUID="setroubleshoot"
EGID="setroubleshoot" SGID="setroubleshoot"
FSGID="setroubleshoot"
type=EXECVE msg=audit(1617801766.608:47754): argc=5
a0="/usr/libexec/platform-python" a1="-Es"
a2="/usr/sbin/setroubleshootd" a3="-f" a4=""
type=CWD msg=audit(1617801766.608:47754): cwd="/"
type=PATH msg=audit(1617801766.608:47754): item=0
name="/usr/libexec/platform-python" inode=269287 dev=fd:00 mode=0100755 ouid=0
ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0
cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PATH msg=audit(1617801766.608:47754): item=1
name="/lib64/ld-linux-x86-64.so.2" inode=25347812 dev=fd:00 mode=0100755 ouid=0
ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0
cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1617801766.608:47754):
proctitle=2F2F7573722F6C6962657865632F646275732D312F646275732D6461656D6F6E2D6C61756E63682D68656C706572006F72672E6665646F726170726F6A6563742E536574726F75626C6573686F6F7464
type=AVC msg=audit(1617801768.907:47755): avc: denied { net_admin } for pid=280394
comm="dbus-daemon-lau" capability=12
scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=SYSCALL msg=audit(1617801768.907:47755): arch=c000003e syscall=54 success=no exit=-1
a0=6 a1=1 a2=21 a3=7ffec59c2f80 items=0 ppid=280393 pid=280394 auid=4294967295 uid=81
gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295
comm="dbus-daemon-lau"
exe="/usr/libexec/dbus-1/dbus-daemon-launch-helper"
subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64
SYSCALL=setsockopt AUID="unset" UID="dbus" GID="dbus"
EUID="root" SUID="root" FSUID="root" EGID="dbus"
SGID="dbus" FSGID="dbus"
type=PROCTITLE msg=audit(1617801768.907:47755):
proctitle=2F2F7573722F6C6962657865632F646275732D312F646275732D6461656D6F6E2D6C61756E63682D68656C706572006F72672E6665646F726170726F6A6563742E536574726F75626C6573686F6F7450726976696C65676564
type=AVC msg=audit(1617801768.907:47756): avc: denied { net_admin } for pid=280394
comm="dbus-daemon-lau" capability=12
scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=SYSCALL msg=audit(1617801768.907:47756): arch=c000003e syscall=54 success=no exit=-1
a0=6 a1=1 a2=20 a3=7ffec59c2f80 items=0 ppid=280393 pid=280394 auid=4294967295 uid=81
gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295
comm="dbus-daemon-lau"
exe="/usr/libexec/dbus-1/dbus-daemon-launch-helper"
subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64
SYSCALL=setsockopt AUID="unset" UID="dbus" GID="dbus"
EUID="root" SUID="root" FSUID="root" EGID="dbus"
SGID="dbus" FSGID="dbus"
type=PROCTITLE msg=audit(1617801768.907:47756):
proctitle=2F2F7573722F6C6962657865632F646275732D312F646275732D6461656D6F6E2D6C61756E63682D68656C706572006F72672E6665646F726170726F6A6563742E536574726F75626C6573686F6F7450726976696C65676564
type=AVC msg=audit(1617801768.910:47757): avc: denied { noatsecure } for pid=280394
comm="dbus-daemon-lau" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 tclass=process
permissive=0
type=AVC msg=audit(1617801768.910:47757): avc: denied { rlimitinh } for pid=280394
comm="SetroubleshootP" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 tclass=process
permissive=0
type=AVC msg=audit(1617801768.910:47757): avc: denied { siginh } for pid=280394
comm="SetroubleshootP" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 tclass=process
permissive=0
type=SYSCALL msg=audit(1617801768.910:47757): arch=c000003e syscall=59 success=yes exit=0
a0=5613f94d0c40 a1=5613f94d2370 a2=5613f94ce8f0 a3=1 items=2 ppid=280393 pid=280394
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="SetroubleshootP"
exe="/usr/libexec/platform-python3.6"
subj=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64
SYSCALL=execve AUID="unset" UID="root" GID="root"
EUID="root" SUID="root" FSUID="root" EGID="root"
SGID="root" FSGID="root"
type=EXECVE msg=audit(1617801768.910:47757): argc=2
a0="/usr/libexec/platform-python"
a1="/usr/share/setroubleshoot/SetroubleshootPrivileged.py"
type=CWD msg=audit(1617801768.910:47757): cwd="/"
type=PATH msg=audit(1617801768.910:47757): item=0
name="/usr/libexec/platform-python" inode=269287 dev=fd:00 mode=0100755 ouid=0
ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0
cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PATH msg=audit(1617801768.910:47757): item=1
name="/lib64/ld-linux-x86-64.so.2" inode=25347812 dev=fd:00 mode=0100755 ouid=0
ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0
cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1617801768.910:47757):
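Could you enable the virt_use_samba boolean? The denial that matters is the first AVC: container_t is denied read on a directory labeled cifs_t, and this boolean allows container domains to use CIFS-labeled content. The dbus-daemon-launch-helper and setroubleshoot records that follow appear to come from setroubleshoot being started in response, not from the failed "ls" itself.
# setsebool -P virt_use_samba 1
Then it should work. Note that -P makes the setting persist across reboots, and the boolean is host-wide: it applies to every container on the machine, not only this one.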