Bug 1025673

Summary: repetitive AVCs with monitoring with selinux-policy-3.7.19-231.el6.noarch
Product: Red Hat Satellite 5 Reporter: Jan Hutař <jhutar>
Component: MonitoringAssignee: Milan Zázrivec <mzazrivec>
Status: CLOSED WONTFIX QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 560CC: ggainey
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-28 18:44:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 462714    

Description Jan Hutař 2013-11-01 08:53:39 UTC 
Description of problem:
On RHEL6 we now have updated from selinux-policy-3.7.19-195.el6_4.13.noarch to selinux-policy-3.7.19-231.el6.noarch and then these AVC SELinux messages started to periodically appear in audit.log:


type=AVC msg=audit(1383294977.003:911): avc:  denied  { read } for  pid=9151 comm="TSDBLocalQueue." name="1383284835.8529" dev=dm-0 ino=539963 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=SYSCALL msg=audit(1383294977.003:911): arch=c000003e syscall=2 success=yes exit=6 a0=10ae840 a1=0 a2=1b6 a3=7fb7e969fd40 items=0 ppid=9150 pid=9151 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="TSDBLocalQueue." exe=2F7573722F62696E2F7065726C202864656C6574656429 subj=unconfined_u:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1383294977.028:912): avc:  denied  { write } for  pid=9151 comm="TSDBLocalQueue." name="queuefile.positions..TMP" dev=dm-0 ino=539993 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=SYSCALL msg=audit(1383294977.028:912): arch=c000003e syscall=2 success=yes exit=6 a0=10ab990 a1=241 a2=1b6 a3=7fb7e969fd40 items=0 ppid=9150 pid=9151 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="TSDBLocalQueue." exe=2F7573722F62696E2F7065726C202864656C6574656429 subj=unconfined_u:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1383294977.042:913): avc:  denied  { rename } for  pid=9151 comm="TSDBLocalQueue." name="queuefile.positions..TMP" dev=dm-0 ino=539993 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=AVC msg=audit(1383294977.042:913): avc:  denied  { unlink } for  pid=9151 comm="TSDBLocalQueue." name="queuefile.positions" dev=dm-0 ino=539957 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=SYSCALL msg=audit(1383294977.042:913): arch=c000003e syscall=82 success=yes exit=0 a0=10ae750 a1=10abb60 a2=8 a3=8875f0 items=0 ppid=9150 pid=9151 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="TSDBLocalQueue." exe=2F7573722F62696E2F7065726C202864656C6574656429 subj=unconfined_u:system_r:spacewalk_monitoring_t:s0 key=(null)


Version-Release number of selected component (if applicable):
spacewalk-monitoring-2.0.1-1.el6sat.noarch
spacewalk-monitoring-selinux-2.0.1-1.el6sat.noarch
selinux-policy-3.7.19-231.el6.noarch


How reproducible:
always


Steps to Reproduce:
1. Enable Monitoring on RHEL6/Permissive system with given selinux-policy
   version, setup some probes
2. Monitor /var/log/audit/audit.log


Actual results:
AVCs generated


Expected results:
no AVCs should be generated
Comment 3 Grant Gainey 2017-04-28 18:44:41 UTC 
Monitoring has a number of issues, and is being removed in the upcoming SATELLITE-5.8 release. Closing, WONTFIX