[Rpm-maint] [rpm-software-management/rpm] rpm 4.20 triggers a dac_read_search capability request (Issue #3468)
Zdeněk Pytela
notifications at github.com
Mon Nov 25 15:04:53 UTC 2024
**Describe the bug**
`sudo rpm --rebuilddb` executed by a non-root user finishes successfully, but generates AVC denials.
**To Reproduce**
```
$ sudo rpm --rebuilddb
$ sudo ausearch -i -m avc -ts recent
```
**Expected behavior**
No error and no AVC Denial.
**Output**
```
type=PROCTITLE msg=audit(11/25/2024 09:52:51.327:230) : proctitle=/usr/bin/rpmdb --rebuilddb
type=PATH msg=audit(11/25/2024 09:52:51.327:230) : item=0 name=~/.config/rpm/rpmrc nametype=UNKNOWN cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(11/25/2024 09:52:51.327:230) : cwd=/home/user1
type=SYSCALL msg=audit(11/25/2024 09:52:51.327:230) : arch=x86_64 syscall=access success=no exit=EACCES(Permission denied) a0=0x55cc5de60a70 a1=R_OK a2=0xffffffffffffff70 a3=0x40 items=1 ppid=1120 pid=1121 auid=user1 uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts2 ses=3 comm=rpmdb exe=/usr/bin/rpmdb subj=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(11/25/2024 09:52:51.327:230) : avc: denied { dac_override } for pid=1121 comm=rpmdb capability=dac_override scontext=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=AVC msg=audit(11/25/2024 09:52:51.327:230) : avc: denied { dac_read_search } for pid=1121 comm=rpmdb capability=dac_read_search scontext=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 tclass=capability permissive=0
```
**Environment**
rpm-4.20.0-1.fc42.x86_64
Seems to be an effect of https://github.com/rpm-software-management/rpm/issues/2153
**Additional context**
If the original user's config is taken into account, denials will always be audited, given that default homedir permissions are 0700.
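The audit records quoted in the report are the kind of thing a defender has to triage repeatedly, so the following added example (not part of the issue or of rpm itself) parses `ausearch -i` output, groups the records by audit serial, collects the denied permissions per event and applies one heuristic tag for the pattern the report describes: a process running as root (`uid=root`) on behalf of a different login user (`auid`) that is stopped by a `dac_override`/`dac_read_search` capability check. The sample input is the report's own output; the tag names and the `DAC_CAPS` set are this example's own choices.

```python
import re
from collections import defaultdict

# Sample input: the ausearch -i records quoted in the issue above.
SAMPLE = """\
type=PROCTITLE msg=audit(11/25/2024 09:52:51.327:230) : proctitle=/usr/bin/rpmdb --rebuilddb
type=PATH msg=audit(11/25/2024 09:52:51.327:230) : item=0 name=~/.config/rpm/rpmrc nametype=UNKNOWN cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(11/25/2024 09:52:51.327:230) : cwd=/home/user1
type=SYSCALL msg=audit(11/25/2024 09:52:51.327:230) : arch=x86_64 syscall=access success=no exit=EACCES(Permission denied) a0=0x55cc5de60a70 a1=R_OK a2=0xffffffffffffff70 a3=0x40 items=1 ppid=1120 pid=1121 auid=user1 uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts2 ses=3 comm=rpmdb exe=/usr/bin/rpmdb subj=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(11/25/2024 09:52:51.327:230) : avc: denied { dac_override } for pid=1121 comm=rpmdb capability=dac_override scontext=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 tclass=capability permissive=0
type=AVC msg=audit(11/25/2024 09:52:51.327:230) : avc: denied { dac_read_search } for pid=1121 comm=rpmdb capability=dac_read_search scontext=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:rpmdb_t:s0-s0:c0.c1023 tclass=capability permissive=0
"""

# "type=X msg=audit(<timestamp>:<serial>) : <body>" as printed by ausearch -i.
RECORD_RE = re.compile(r"^type=(?P<type>\w+) msg=audit\((?P<ts>[^)]*):(?P<serial>\d+)\) : (?P<body>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")              # key=value pairs in a record body
DENIED_RE = re.compile(r"denied\s+\{\s*([^}]*?)\s*\}")  # "{ perm1 perm2 }" of an AVC record

# Capabilities that mean "bypass file-permission checks" (example's own grouping).
DAC_CAPS = {"dac_override", "dac_read_search"}


def parse_records(text):
    """Group records by audit serial: serial -> record type -> list of field dicts."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        fields = dict(KV_RE.findall(m.group("body")))
        if m.group("type") == "AVC":
            d = DENIED_RE.search(m.group("body"))
            fields["denied"] = d.group(1).split() if d else []
        events[int(m.group("serial"))][m.group("type")].append(fields)
    return events


def summarize(events):
    """One triage row per event that carries at least one AVC denial."""
    rows = []
    for serial in sorted(events):
        ev = events[serial]
        if "AVC" not in ev:
            continue
        sc = ev["SYSCALL"][0] if ev.get("SYSCALL") else {}
        avc = ev["AVC"][0]
        rows.append({
            "serial": serial,
            "comm": sc.get("comm") or avc.get("comm"),
            "syscall": sc.get("syscall"),
            "uid": sc.get("uid"),
            "auid": sc.get("auid"),
            "cwd": ev["CWD"][0].get("cwd") if ev.get("CWD") else None,
            "paths": [p.get("name") for p in ev.get("PATH", [])],
            "tclass": avc.get("tclass"),
            "scontext": avc.get("scontext"),
            # union of the permissions denied across all AVC records of the event
            "denied": sorted({p for r in ev["AVC"] for p in r["denied"]}),
            "permissive": avc.get("permissive"),
        })
    return rows


def classify(row):
    """Heuristic tag (example's own): root acting for another login user hits a DAC capability check."""
    if row["tclass"] == "capability" and set(row["denied"]) <= DAC_CAPS:
        if row["uid"] == "root" and row["auid"] not in (None, "root", "unset"):
            return "root-process-reads-invoking-user-files"
        return "dac-capability-denial"
    return "other"


if __name__ == "__main__":
    for row in summarize(parse_records(SAMPLE)):
        print(f"event {row['serial']}: {row['comm']} {row['syscall']}() in {row['scontext']}")
        print(f"  paths={row['paths']} cwd={row['cwd']} uid={row['uid']} auid={row['auid']}")
        print(f"  denied={row['denied']} permissive={row['permissive']} -> {classify(row)}")
```

Running it on the quoted records yields one event, serial 230, with both DAC capabilities denied for `rpmdb` in `rpmdb_t` while calling `access()` on `~/.config/rpm/rpmrc` from `/home/user1`, which is exactly the combination the report attributes to reading the invoking user's config under sudo. Whether the right fix is a policy allow rule or rpm not consulting that file is a decision for the maintainers; the parser only makes the pattern visible.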