On 4/8/21 04:57, Remi Malessa wrote:
Thanks for your time Daniel, here's what appear in the audit when I run "ls" :

type=AVC msg=audit(1617801763.586:47751): avc:  denied  { read } for  pid=280379 comm="ls" name="Validation" dev="cifs" ino=281474976710700 scontext=system_u:system_r:container_t:s0:c100,c420 tcontext=system_u:object_r:cifs_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1617801763.586:47751): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=555e8b326210 a2=90800 a3=0 items=0 ppid=280171 pid=280379 auid=724607387 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1058 comm="ls" exe="/bin/ls" subj=system_u:system_r:container_t:s0:c100,c420 key=(null)ARCH=x86_64 SYSCALL=openat AUID="rem" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1617801763.586:47751): proctitle=6C73002D6C
type=AVC msg=audit(1617801766.605:47752): avc:  denied  { net_admin } for  pid=280381 comm="dbus-daemon-lau" capability=12  scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=SYSCALL msg=audit(1617801766.605:47752): arch=c000003e syscall=54 success=no exit=-1 a0=5 a1=1 a2=21 a3=7ffdff2d9a50 items=0 ppid=280380 pid=280381 auid=4294967295 uid=81 gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon-lau" exe="/usr/libexec/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=setsockopt AUID="unset" UID="dbus" GID="dbus" EUID="root" SUID="root" FSUID="root" EGID="dbus" SGID="dbus" FSGID="dbus"
type=PROCTITLE msg=audit(1617801766.605:47752): proctitle=2F2F7573722F6C6962657865632F646275732D312F646275732D6461656D6F6E2D6C61756E63682D68656C706572006F72672E6665646F726170726F6A6563742E536574726F75626C6573686F6F7464
type=AVC msg=audit(1617801766.605:47753): avc:  denied  { net_admin } for  pid=280381 comm="dbus-daemon-lau" capability=12  scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=SYSCALL msg=audit(1617801766.605:47753): arch=c000003e syscall=54 success=no exit=-1 a0=5 a1=1 a2=20 a3=7ffdff2d9a50 items=0 ppid=280380 pid=280381 auid=4294967295 uid=81 gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon-lau" exe="/usr/libexec/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=setsockopt AUID="unset" UID="dbus" GID="dbus" EUID="root" SUID="root" FSUID="root" EGID="dbus" SGID="dbus" FSGID="dbus"
type=PROCTITLE msg=audit(1617801766.605:47753): proctitle=2F2F7573722F6C6962657865632F646275732D312F646275732D6461656D6F6E2D6C61756E63682D68656C706572006F72672E6665646F726170726F6A6563742E536574726F75626C6573686F6F7464
type=AVC msg=audit(1617801766.608:47754): avc:  denied  { noatsecure } for  pid=280381 comm="dbus-daemon-lau" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process permissive=0
type=AVC msg=audit(1617801766.608:47754): avc:  denied  { rlimitinh } for  pid=280381 comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process permissive=0
type=AVC msg=audit(1617801766.608:47754): avc:  denied  { siginh } for  pid=280381 comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process permissive=0
type=SYSCALL msg=audit(1617801766.608:47754): arch=c000003e syscall=59 success=yes exit=0 a0=5592801eaad0 a1=5592801eaa20 a2=5592801e88f0 a3=0 items=2 ppid=280380 pid=280381 auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=execve AUID="unset" UID="setroubleshoot" GID="setroubleshoot" EUID="setroubleshoot" SUID="setroubleshoot" FSUID="setroubleshoot" EGID="setroubleshoot" SGID="setroubleshoot" FSGID="setroubleshoot"
type=EXECVE msg=audit(1617801766.608:47754): argc=5 a0="/usr/libexec/platform-python" a1="-Es" a2="/usr/sbin/setroubleshootd" a3="-f" a4=""
type=CWD msg=audit(1617801766.608:47754): cwd="/"
type=PATH msg=audit(1617801766.608:47754): item=0 name="/usr/libexec/platform-python" inode=269287 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PATH msg=audit(1617801766.608:47754): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=25347812 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1617801766.608:47754): proctitle=2F2F7573722F6C6962657865632F646275732D312F646275732D6461656D6F6E2D6C61756E63682D68656C706572006F72672E6665646F726170726F6A6563742E536574726F75626C6573686F6F7464
type=AVC msg=audit(1617801768.907:47755): avc:  denied  { net_admin } for  pid=280394 comm="dbus-daemon-lau" capability=12  scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=SYSCALL msg=audit(1617801768.907:47755): arch=c000003e syscall=54 success=no exit=-1 a0=6 a1=1 a2=21 a3=7ffec59c2f80 items=0 ppid=280393 pid=280394 auid=4294967295 uid=81 gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon-lau" exe="/usr/libexec/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=setsockopt AUID="unset" UID="dbus" GID="dbus" EUID="root" SUID="root" FSUID="root" EGID="dbus" SGID="dbus" FSGID="dbus"
type=PROCTITLE msg=audit(1617801768.907:47755): proctitle=2F2F7573722F6C6962657865632F646275732D312F646275732D6461656D6F6E2D6C61756E63682D68656C706572006F72672E6665646F726170726F6A6563742E536574726F75626C6573686F6F7450726976696C65676564
type=AVC msg=audit(1617801768.907:47756): avc:  denied  { net_admin } for  pid=280394 comm="dbus-daemon-lau" capability=12  scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=SYSCALL msg=audit(1617801768.907:47756): arch=c000003e syscall=54 success=no exit=-1 a0=6 a1=1 a2=20 a3=7ffec59c2f80 items=0 ppid=280393 pid=280394 auid=4294967295 uid=81 gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon-lau" exe="/usr/libexec/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=setsockopt AUID="unset" UID="dbus" GID="dbus" EUID="root" SUID="root" FSUID="root" EGID="dbus" SGID="dbus" FSGID="dbus"
type=PROCTITLE msg=audit(1617801768.907:47756): proctitle=2F2F7573722F6C6962657865632F646275732D312F646275732D6461656D6F6E2D6C61756E63682D68656C706572006F72672E6665646F726170726F6A6563742E536574726F75626C6573686F6F7450726976696C65676564
type=AVC msg=audit(1617801768.910:47757): avc:  denied  { noatsecure } for  pid=280394 comm="dbus-daemon-lau" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 tclass=process permissive=0
type=AVC msg=audit(1617801768.910:47757): avc:  denied  { rlimitinh } for  pid=280394 comm="SetroubleshootP" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 tclass=process permissive=0
type=AVC msg=audit(1617801768.910:47757): avc:  denied  { siginh } for  pid=280394 comm="SetroubleshootP" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 tclass=process permissive=0
type=SYSCALL msg=audit(1617801768.910:47757): arch=c000003e syscall=59 success=yes exit=0 a0=5613f94d0c40 a1=5613f94d2370 a2=5613f94ce8f0 a3=1 items=2 ppid=280393 pid=280394 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="SetroubleshootP" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:unconfined_service_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=execve AUID="unset" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=EXECVE msg=audit(1617801768.910:47757): argc=2 a0="/usr/libexec/platform-python" a1="/usr/share/setroubleshoot/SetroubleshootPrivileged.py"
type=CWD msg=audit(1617801768.910:47757): cwd="/"
type=PATH msg=audit(1617801768.910:47757): item=0 name="/usr/libexec/platform-python" inode=269287 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PATH msg=audit(1617801768.910:47757): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=25347812 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
type=PROCTITLE msg=audit(1617801768.910:47757):
_______________________________________________
Podman mailing list -- podman@lists.podman.io
To unsubscribe send an email to podman-leave@lists.podman.io

Could you enable the virt_use_samba boolean.


# setsebool -P virt_use_samba 1


Then it should work.