You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Apologies if this is not a bug. I'm not entirely clear on what constitutes a policy issue and what constitutes something that should just be fixed locally with audit2allow. I'm running on Debian Bookworm 12.1, and the policy version seems to be 2:2.20221101-9 according to dpkg.
If I have a confined user user_u logged in via SSH, they're unable to execute /usr/bin/java. The specific audit message is:
type=AVC msg=audit(1690449095.045:5358): avc: denied { use } for pid=37681 comm="java" path="/dev/pts/2" dev="devpts" ino=5 scontext=user_u:user_r:java_t:s0 tcontext=system_u:system_r:sshd_t:s0 tclass=fd permissive=0
The use case here is a Jenkins agent; the Jenkins server logs into a machine over SSH and executes a Java agent that's then used to accept commands from the server to check out and build code.
The text was updated successfully, but these errors were encountered:
Hello!
Apologies if this is not a bug. I'm not entirely clear on what constitutes a policy issue and what constitutes something that should just be fixed locally with
audit2allow
. I'm running on Debian Bookworm 12.1, and the policy version seems to be2:2.20221101-9
according todpkg
.If I have a confined user
user_u
logged in via SSH, they're unable to execute/usr/bin/java
. The specific audit message is:The suggested
audit2allow
rule is:The use case here is a Jenkins agent; the Jenkins server logs into a machine over SSH and executes a Java agent that's then used to accept commands from the server to check out and build code.
The text was updated successfully, but these errors were encountered: