
SC4S fails to start on RHEL 8 systems with fapolicyd enabled

Open myriadic opened this issue 2 years ago • 0 comments

On RHEL8 systems, with fapolicyd enabled, sc4s fails with the error:

```
May 16 17:50:29 ip-172-31-35-51.us-east-2.compute.internal podman[9324]: Error: /usr/bin/runc: error while loading shared libraries: libpthread.so.0: cannot open shared object file: Operation not permitted: OCI permission denied
May 16 17:50:29 ip-172-31-35-51.us-east-2.compute.internal systemd[1]: sc4s.service: Main process exited, code=exited, status=126/n/a
May 16 17:50:29 ip-172-31-35-51.us-east-2.compute.internal systemd[1]: sc4s.service: Failed with result 'exit-code'.
```

When running fapolicyd in debug mode, the following logs are generated:

```
rule=6 dec=deny_audit perm=open auid=-1 pid=9500 exe=/ : path=/usr/lib64/libpthread-2.28.so ftype=application/x-sharedlib trust=1
rule=6 dec=deny_audit perm=open auid=-1 pid=9500 exe=/ : path=/usr/lib64/libpthread-2.28.so ftype=application/x-sharedlib trust=1
```

One way to resolve this is the following:

  1. create the file `/etc/fapolicyd/rules.d/15-sc4s.rules`
  2. put this into the file: `allow perm=open exe=/ : dir=/usr/lib64/ all trust=1`
  3. run `fagenrules --load` to load the new rule
  4. run `systemctl restart fapolicyd` to restart the process
  5. start sc4s `systemctl start sc4s` and verify there are no errors `systemctl status sc4s`

myriadic, May 16 '22 18:05
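Added example, not part of the original issue or of SC4S: a small shell helper that summarises fapolicyd debug decisions, so that an allow rule like the one above can be checked against what was actually denied. The function names and the third and fourth sample lines are constructed; it assumes one decision per line and no spaces inside paths.

```shell
#!/bin/sh
# Added example: summarise fapolicyd debug "deny" decisions read from stdin.

# Sample input. Lines 1-2 are the deny line quoted in the issue;
# lines 3-4 are constructed for illustration.
sample_log() {
    cat <<'EOF'
rule=6 dec=deny_audit perm=open auid=-1 pid=9500 exe=/ : path=/usr/lib64/libpthread-2.28.so ftype=application/x-sharedlib trust=1
rule=6 dec=deny_audit perm=open auid=-1 pid=9500 exe=/ : path=/usr/lib64/libpthread-2.28.so ftype=application/x-sharedlib trust=1
rule=6 dec=deny_audit perm=open auid=-1 pid=9501 exe=/ : path=/usr/lib64/libc-2.28.so ftype=application/x-sharedlib trust=1
rule=9 dec=allow perm=open auid=-1 pid=9502 exe=/usr/bin/bash : path=/etc/passwd ftype=text/plain trust=0
EOF
}

# Print "<count> rule=.. perm=.. exe=.. path=.. trust=.." per unique denial,
# most frequent first. Tokens without a known key (syslog prefix, ":") are ignored.
summarize_denials() {
    awk '
    /dec=deny/ {
        rule = perm = exe = path = trust = "?"
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            if (key == "rule") rule = val
            else if (key == "perm") perm = val
            else if (key == "exe") exe = val
            else if (key == "path") path = val
            else if (key == "trust") trust = val
        }
        seen["rule=" rule " perm=" perm " exe=" exe " path=" path " trust=" trust]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k1,1nr -k2
}

# Print the unique parent directories of denied objects, to compare with
# the dir= value of a candidate allow rule.
denied_dirs() {
    awk '/dec=deny/ {
        for (i = 1; i <= NF; i++)
            if (index($i, "path=") == 1) {
                dir = substr($i, 6); sub("[^/]*$", "", dir); print dir
            }
    }' | sort -u
}

sample_log | summarize_denials
sample_log | denied_dirs
```

On a real host, pipe the captured debug output into `summarize_denials` instead of `sample_log`; if `denied_dirs` prints directories other than the one named in the rule, the rule does not cover every denial.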