<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
This is a leaked key from cron into the container. I have no idea
how the crond keyring got into the container. Did you somehow
restart docker via crond?<br>
<br>
<div class="moz-cite-prefix">On 06/17/2015 08:46 AM, Laurent Rineau
wrote:<br>
</div>
<blockquote cite="mid:1849068.ZAb2NY7VsE@renoir.geometryfactory.com"
type="cite">
<pre wrap="">I have a container whose entrypoint uses 'su' to drop its privileges. The run of the container triggers an AVC, but the container seems to run normally.
That is on a server, and the SELinux Troubleshooter sends me emails (see the attachment).
Two questions:
1/ Is there a way to report bugs to Bugzilla using the command line sealert tool (or another command line tool), like what we can do using the GUI?
2/ What should I do to fix that issue, if that is one?
I copy-paste here the AVC (the attached email have more information):
type=AVC msg=audit(1434542552.136:6332403): avc: denied { search } for pid=11266 comm="su" scontext=system_u:system_r:svirt_lxc_net_t:s0:c68,c965 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=key
type=SYSCALL msg=audit(1434542552.136:6332403): arch=x86_64 syscall=keyctl success=no exit=EACCES a0=0 a1=fffffffd a2=0 a3=7f7c50a132f0 items=0 ppid=11065 pid=11266 auid=4294967295 uid=500 gid=501 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=su exe=/usr/bin/su subj=system_u:system_r:svirt_lxc_net_t:s0:c68,c965 key=(null)
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
selinux mailing list
<a class="moz-txt-link-abbreviated" href="mailto:selinux@lists.fedoraproject.org">selinux@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/selinux">https://admin.fedoraproject.org/mailman/listinfo/selinux</a></pre>
</blockquote>
<br>
</body>
</html>