[CentOS] [C8 stream] unix_chkpwd wants access to /proc

Mon Jun 14 15:01:27 UTC 2021
Chris Adams <linux at cmadams.net>

Once upon a time, Chris Adams <linux at cmadams.net> said:
> Once upon a time, Łukasz Posadowski <mail at lukaszposadowski.pl> said:
> > From 11.06 journal is logging a lot of denied access to /proc for
> > unix_chkpwd by selinux. They are so frequent, that I see them in
> > htop. :) Right now I have 2122 logges denials. 
> > 
> > Is it OK for unix_chkpwd to poke in /proc? It has to know who is
> > logged in, do probably yes, bit I'm not sure.
> I haven't dug into it, but I'm thinking there was some policy or library
> change that isn't quite right... sssd_be also has the same denial on
> startup (so every boot).

Went ahead and poked at it - the issue is the new version of libcap-ng.
Opened https://bugzilla.redhat.com/show_bug.cgi?id=1971688
Chris Adams <linux at cmadams.net>