Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix IPC connectto issue within QM container #468

Closed
aesteve-rh opened this issue Jun 27, 2024 · 0 comments · Fixed by #467
Closed

Fix IPC connectto issue within QM container #468

aesteve-rh opened this issue Jun 27, 2024 · 0 comments · Fixed by #467

Comments

@aesteve-rh
Copy link
Collaborator

Fix the remaining error for UNIX socket IPC usecase:

$ ausearch -m avc -ts recent
time->Thu Jun 27 07:34:37 2024
type=PROCTITLE msg=audit(1719473677.966:298): proctitle=707974686F6E33002F7573722F62696E2F6970632D636C69656E74
type=SYSCALL msg=audit(1719473677.966:298): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=7fffa4ec5970 a2=1b a3=7f3d0c3c2c70 items=0 ppid=716 pid=718 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="python3" exe="/usr/bin/python3.12" subj=system_u:system_r:qm_container_ipc_t:s0:c76,c146 key=(null)
type=AVC msg=audit(1719473677.966:298): avc:  denied  { connectto } for  pid=718 comm="python3" path="/run/ipc-demo/ipc.socket" scontext=system_u:system_r:qm_container_ipc_t:s0:c76,c146 tcontext=system_u:system_r:container_runtime_t:s0 tclass=unix_stream_socket permissive=0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

qm.if: allow stream connect for qm_container_ipc_t aesteve-rh/qm
1 participant
@aesteve-rh