On Wed, Feb 28, 2018 at 10:27:08AM +0100, Dominick Grift wrote:
> Since Linux 4.16 (to atleast RC2) user space started to excessively trigger
> cap_sys_module
>
> Here is one example of such and event:
>
> type=SYSCALL msg=audit(02/27/2018 08:06:40.017:74) : arch=x86_64
> syscall=ioctl success=no exit=ENOTTY(Inappropriate ioctl for device) a0=0x2
> a1=TCGETS a2=0x7fff2d89f8f0 a3=0x55ba203a9010 items=0 ppid=1 pid=423
> auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root
> sgid=root fsgid=root tty=(none) ses=unset comm=systemd-user-se
> exe=/usr/lib/systemd/systemd-user-sessions
> subj=sys.id:sys.role:user_sessions.subj:s0 key=(null)
> type=AVC msg=audit(02/27/2018 08:06:40.017:74) : avc: denied { sys_module }
> for pid=423 comm=systemd-user-se capability=sys_module
> scontext=sys.id:sys.role:user_sessions.subj:s0
> tcontext=sys.id:sys.role:user_sessions.subj:s0 tclass=capability permissive=1
> type=AVC msg=audit(02/27/2018 08:06:40.017:74) : avc: denied {
> module_request } for pid=423 comm=systemd-user-se
> kmod=6E65746465762D80E72A05257F
> scontext=sys.id:sys.role:user_sessions.subj:s0
> tcontext=sys.id:sys.role:sys.isid:s0 tclass=system permissive=1
>
> Any idea what causes this and how to fix it?For reference: https://github.com/fedora-selinux/selinux-policy/commit/2c13be1fb543c51935785e7a43b798a9f35f5aa0#comments > > -- > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 > Dominick Grift -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
signature.asc
Description: PGP signature
