Bug 1043887
| Summary: | openstack-foreman-installer: Multiple AVC errors in /var/log/messages after finish running foreman_server.sh. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Omri Hochman <ohochman> | ||||||
| Component: | foreman-selinux | Assignee: | Lukas Zapletal <lzap> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Omri Hochman <ohochman> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 4.0 | CC: | dcleal, jguiditt, lzap, mburns, mlopes, morazi, rhos-maint, yeylon | ||||||
| Target Milestone: | ga | Keywords: | Triaged, ZStream | ||||||
| Target Release: | 5.0 (RHEL 7) | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Linux | ||||||||
| URL: | http://projects.theforeman.org/issues/3895 | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: |
Previously, OpenStack Foreman installer operations resulted in SELinux denials.
This update amends the Foreman SELinux policy. Consequently, denials are no longer generated during installation.
|
Story Points: | --- | ||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2014-08-04 18:33:07 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 837654 [details]
production.log
adding /var/log/foreman/production.log
Created attachment 837655 [details]
messages.log
adding /var/log/messages
[root@puma39 ~]# ps auxwwZ LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND system_u:system_r:init_t:s0 root 1 0.0 0.0 19356 1544 ? Ss 10:17 0:01 /sbin/init system_u:system_r:kernel_t:s0 root 2 0.0 0.0 0 0 ? S 10:17 0:00 [kthreadd] system_u:system_r:kernel_t:s0 root 3 0.0 0.0 0 0 ? S 10:17 0:00 [migration/0] system_u:system_r:kernel_t:s0 root 4 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/0] system_u:system_r:kernel_t:s0 root 5 0.0 0.0 0 0 ? S 10:17 0:00 [migration/0] system_u:system_r:kernel_t:s0 root 6 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/0] system_u:system_r:kernel_t:s0 root 7 0.0 0.0 0 0 ? S 10:17 0:00 [migration/1] system_u:system_r:kernel_t:s0 root 8 0.0 0.0 0 0 ? S 10:17 0:00 [migration/1] system_u:system_r:kernel_t:s0 root 9 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/1] system_u:system_r:kernel_t:s0 root 10 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/1] system_u:system_r:kernel_t:s0 root 11 0.0 0.0 0 0 ? S 10:17 0:00 [migration/2] system_u:system_r:kernel_t:s0 root 12 0.0 0.0 0 0 ? S 10:17 0:00 [migration/2] system_u:system_r:kernel_t:s0 root 13 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/2] system_u:system_r:kernel_t:s0 root 14 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/2] system_u:system_r:kernel_t:s0 root 15 0.0 0.0 0 0 ? S 10:17 0:00 [migration/3] system_u:system_r:kernel_t:s0 root 16 0.0 0.0 0 0 ? S 10:17 0:00 [migration/3] system_u:system_r:kernel_t:s0 root 17 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/3] system_u:system_r:kernel_t:s0 root 18 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/3] system_u:system_r:kernel_t:s0 root 19 0.0 0.0 0 0 ? S 10:17 0:00 [migration/4] system_u:system_r:kernel_t:s0 root 20 0.0 0.0 0 0 ? S 10:17 0:00 [migration/4] system_u:system_r:kernel_t:s0 root 21 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/4] system_u:system_r:kernel_t:s0 root 22 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/4] system_u:system_r:kernel_t:s0 root 23 0.0 0.0 0 0 ? S 10:17 0:00 [migration/5] system_u:system_r:kernel_t:s0 root 24 0.0 0.0 0 0 ? S 10:17 0:00 [migration/5] system_u:system_r:kernel_t:s0 root 25 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/5] system_u:system_r:kernel_t:s0 root 26 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/5] system_u:system_r:kernel_t:s0 root 27 0.0 0.0 0 0 ? S 10:17 0:01 [migration/6] system_u:system_r:kernel_t:s0 root 28 0.0 0.0 0 0 ? S 10:17 0:00 [migration/6] system_u:system_r:kernel_t:s0 root 29 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/6] system_u:system_r:kernel_t:s0 root 30 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/6] system_u:system_r:kernel_t:s0 root 31 0.0 0.0 0 0 ? S 10:17 0:00 [migration/7] system_u:system_r:kernel_t:s0 root 32 0.0 0.0 0 0 ? S 10:17 0:00 [migration/7] system_u:system_r:kernel_t:s0 root 33 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/7] system_u:system_r:kernel_t:s0 root 34 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/7] system_u:system_r:kernel_t:s0 root 35 0.0 0.0 0 0 ? S 10:17 0:00 [migration/8] system_u:system_r:kernel_t:s0 root 36 0.0 0.0 0 0 ? S 10:17 0:00 [migration/8] system_u:system_r:kernel_t:s0 root 37 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/8] system_u:system_r:kernel_t:s0 root 38 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/8] system_u:system_r:kernel_t:s0 root 39 0.0 0.0 0 0 ? S 10:17 0:00 [migration/9] system_u:system_r:kernel_t:s0 root 40 0.0 0.0 0 0 ? S 10:17 0:00 [migration/9] system_u:system_r:kernel_t:s0 root 41 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/9] system_u:system_r:kernel_t:s0 root 42 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/9] system_u:system_r:kernel_t:s0 root 43 0.0 0.0 0 0 ? S 10:17 0:00 [migration/10] system_u:system_r:kernel_t:s0 root 44 0.0 0.0 0 0 ? S 10:17 0:00 [migration/10] system_u:system_r:kernel_t:s0 root 45 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/10] system_u:system_r:kernel_t:s0 root 46 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/10] system_u:system_r:kernel_t:s0 root 47 0.0 0.0 0 0 ? S 10:17 0:00 [migration/11] system_u:system_r:kernel_t:s0 root 48 0.0 0.0 0 0 ? S 10:17 0:00 [migration/11] system_u:system_r:kernel_t:s0 root 49 0.0 0.0 0 0 ? S 10:17 0:00 [ksoftirqd/11] system_u:system_r:kernel_t:s0 root 50 0.0 0.0 0 0 ? S 10:17 0:00 [watchdog/11] system_u:system_r:kernel_t:s0 root 51 0.0 0.0 0 0 ? S 10:17 0:05 [events/0] system_u:system_r:kernel_t:s0 root 52 0.0 0.0 0 0 ? S 10:17 0:00 [events/1] system_u:system_r:kernel_t:s0 root 53 0.0 0.0 0 0 ? S 10:17 0:05 [events/2] system_u:system_r:kernel_t:s0 root 54 0.0 0.0 0 0 ? S 10:17 0:00 [events/3] system_u:system_r:kernel_t:s0 root 55 0.0 0.0 0 0 ? S 10:17 0:00 [events/4] system_u:system_r:kernel_t:s0 root 56 0.0 0.0 0 0 ? S 10:17 0:00 [events/5] system_u:system_r:kernel_t:s0 root 57 0.0 0.0 0 0 ? S 10:17 0:00 [events/6] system_u:system_r:kernel_t:s0 root 58 0.0 0.0 0 0 ? S 10:17 0:00 [events/7] system_u:system_r:kernel_t:s0 root 59 0.0 0.0 0 0 ? S 10:17 0:00 [events/8] system_u:system_r:kernel_t:s0 root 60 0.0 0.0 0 0 ? S 10:17 0:00 [events/9] system_u:system_r:kernel_t:s0 root 61 0.0 0.0 0 0 ? S 10:17 0:00 [events/10] system_u:system_r:kernel_t:s0 root 62 0.0 0.0 0 0 ? S 10:17 0:00 [events/11] system_u:system_r:kernel_t:s0 root 63 0.0 0.0 0 0 ? S 10:17 0:00 [cgroup] system_u:system_r:kernel_t:s0 root 64 0.0 0.0 0 0 ? S 10:17 0:00 [khelper] system_u:system_r:kernel_t:s0 root 65 0.0 0.0 0 0 ? S 10:17 0:00 [netns] system_u:system_r:kernel_t:s0 root 66 0.0 0.0 0 0 ? S 10:17 0:00 [async/mgr] system_u:system_r:kernel_t:s0 root 67 0.0 0.0 0 0 ? S 10:17 0:00 [pm] system_u:system_r:kernel_t:s0 root 68 0.0 0.0 0 0 ? S 10:17 0:00 [sync_supers] system_u:system_r:kernel_t:s0 root 69 0.0 0.0 0 0 ? S 10:17 0:00 [bdi-default] system_u:system_r:kernel_t:s0 root 70 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/0] system_u:system_r:kernel_t:s0 root 71 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/1] system_u:system_r:kernel_t:s0 root 72 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/2] system_u:system_r:kernel_t:s0 root 73 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/3] system_u:system_r:kernel_t:s0 root 74 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/4] system_u:system_r:kernel_t:s0 root 75 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/5] system_u:system_r:kernel_t:s0 root 76 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/6] system_u:system_r:kernel_t:s0 root 77 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/7] system_u:system_r:kernel_t:s0 root 78 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/8] system_u:system_r:kernel_t:s0 root 79 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/9] system_u:system_r:kernel_t:s0 root 80 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/10] system_u:system_r:kernel_t:s0 root 81 0.0 0.0 0 0 ? S 10:17 0:00 [kintegrityd/11] system_u:system_r:kernel_t:s0 root 82 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/0] system_u:system_r:kernel_t:s0 root 83 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/1] system_u:system_r:kernel_t:s0 root 84 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/2] system_u:system_r:kernel_t:s0 root 85 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/3] system_u:system_r:kernel_t:s0 root 86 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/4] system_u:system_r:kernel_t:s0 root 87 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/5] system_u:system_r:kernel_t:s0 root 88 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/6] system_u:system_r:kernel_t:s0 root 89 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/7] system_u:system_r:kernel_t:s0 root 90 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/8] system_u:system_r:kernel_t:s0 root 91 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/9] system_u:system_r:kernel_t:s0 root 92 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/10] system_u:system_r:kernel_t:s0 root 93 0.0 0.0 0 0 ? S 10:17 0:00 [kblockd/11] system_u:system_r:kernel_t:s0 root 94 0.0 0.0 0 0 ? S 10:17 0:00 [kacpid] system_u:system_r:kernel_t:s0 root 95 0.0 0.0 0 0 ? S 10:17 0:00 [kacpi_notify] system_u:system_r:kernel_t:s0 root 96 0.0 0.0 0 0 ? S 10:17 0:00 [kacpi_hotplug] system_u:system_r:kernel_t:s0 root 97 0.0 0.0 0 0 ? S 10:17 0:00 [ata_aux] system_u:system_r:kernel_t:s0 root 98 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/0] system_u:system_r:kernel_t:s0 root 99 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/1] system_u:system_r:kernel_t:s0 root 100 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/2] system_u:system_r:kernel_t:s0 root 101 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/3] system_u:system_r:kernel_t:s0 root 102 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/4] system_u:system_r:kernel_t:s0 root 103 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/5] system_u:system_r:kernel_t:s0 root 104 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/6] system_u:system_r:kernel_t:s0 root 105 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/7] system_u:system_r:kernel_t:s0 root 106 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/8] system_u:system_r:kernel_t:s0 root 107 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/9] system_u:system_r:kernel_t:s0 root 108 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/10] system_u:system_r:kernel_t:s0 root 109 0.0 0.0 0 0 ? S 10:17 0:00 [ata_sff/11] system_u:system_r:kernel_t:s0 root 110 0.0 0.0 0 0 ? S 10:17 0:00 [ksuspend_usbd] system_u:system_r:kernel_t:s0 root 111 0.0 0.0 0 0 ? S 10:17 0:00 [khubd] system_u:system_r:kernel_t:s0 root 112 0.0 0.0 0 0 ? S 10:17 0:00 [kseriod] system_u:system_r:kernel_t:s0 root 113 0.0 0.0 0 0 ? S 10:17 0:00 [md/0] system_u:system_r:kernel_t:s0 root 114 0.0 0.0 0 0 ? S 10:17 0:00 [md/1] system_u:system_r:kernel_t:s0 root 115 0.0 0.0 0 0 ? S 10:17 0:00 [md/2] system_u:system_r:kernel_t:s0 root 116 0.0 0.0 0 0 ? S 10:17 0:00 [md/3] system_u:system_r:kernel_t:s0 root 117 0.0 0.0 0 0 ? S 10:17 0:00 [md/4] system_u:system_r:kernel_t:s0 root 118 0.0 0.0 0 0 ? S 10:17 0:00 [md/5] system_u:system_r:kernel_t:s0 root 119 0.0 0.0 0 0 ? S 10:17 0:00 [md/6] system_u:system_r:kernel_t:s0 root 120 0.0 0.0 0 0 ? S 10:17 0:00 [md/7] system_u:system_r:kernel_t:s0 root 121 0.0 0.0 0 0 ? S 10:17 0:00 [md/8] system_u:system_r:kernel_t:s0 root 122 0.0 0.0 0 0 ? S 10:17 0:00 [md/9] system_u:system_r:kernel_t:s0 root 123 0.0 0.0 0 0 ? S 10:17 0:00 [md/10] system_u:system_r:kernel_t:s0 root 124 0.0 0.0 0 0 ? S 10:17 0:00 [md/11] system_u:system_r:kernel_t:s0 root 125 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/0] system_u:system_r:kernel_t:s0 root 126 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/1] system_u:system_r:kernel_t:s0 root 127 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/2] system_u:system_r:kernel_t:s0 root 128 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/3] system_u:system_r:kernel_t:s0 root 129 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/4] system_u:system_r:kernel_t:s0 root 130 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/5] system_u:system_r:kernel_t:s0 root 131 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/6] system_u:system_r:kernel_t:s0 root 132 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/7] system_u:system_r:kernel_t:s0 root 133 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/8] system_u:system_r:kernel_t:s0 root 134 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/9] system_u:system_r:kernel_t:s0 root 135 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/10] system_u:system_r:kernel_t:s0 root 136 0.0 0.0 0 0 ? S 10:17 0:00 [md_misc/11] system_u:system_r:kernel_t:s0 root 137 0.0 0.0 0 0 ? S 10:17 0:00 [linkwatch] system_u:system_r:kernel_t:s0 root 138 0.0 0.0 0 0 ? S 10:17 0:00 [khungtaskd] system_u:system_r:kernel_t:s0 root 139 0.0 0.0 0 0 ? S 10:17 0:00 [kswapd0] system_u:system_r:kernel_t:s0 root 140 0.0 0.0 0 0 ? SN 10:17 0:00 [ksmd] system_u:system_r:kernel_t:s0 root 141 0.0 0.0 0 0 ? SN 10:17 0:00 [khugepaged] system_u:system_r:kernel_t:s0 root 142 0.0 0.0 0 0 ? S 10:17 0:00 [aio/0] system_u:system_r:kernel_t:s0 root 143 0.0 0.0 0 0 ? S 10:17 0:00 [aio/1] system_u:system_r:kernel_t:s0 root 144 0.0 0.0 0 0 ? S 10:17 0:00 [aio/2] system_u:system_r:kernel_t:s0 root 145 0.0 0.0 0 0 ? S 10:17 0:00 [aio/3] system_u:system_r:kernel_t:s0 root 146 0.0 0.0 0 0 ? S 10:17 0:00 [aio/4] system_u:system_r:kernel_t:s0 root 147 0.0 0.0 0 0 ? S 10:17 0:00 [aio/5] system_u:system_r:kernel_t:s0 root 148 0.0 0.0 0 0 ? S 10:17 0:00 [aio/6] system_u:system_r:kernel_t:s0 root 149 0.0 0.0 0 0 ? S 10:17 0:00 [aio/7] system_u:system_r:kernel_t:s0 root 150 0.0 0.0 0 0 ? S 10:17 0:00 [aio/8] system_u:system_r:kernel_t:s0 root 151 0.0 0.0 0 0 ? S 10:17 0:00 [aio/9] system_u:system_r:kernel_t:s0 root 152 0.0 0.0 0 0 ? S 10:17 0:00 [aio/10] system_u:system_r:kernel_t:s0 root 153 0.0 0.0 0 0 ? S 10:17 0:00 [aio/11] system_u:system_r:kernel_t:s0 root 154 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/0] system_u:system_r:kernel_t:s0 root 155 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/1] system_u:system_r:kernel_t:s0 root 156 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/2] system_u:system_r:kernel_t:s0 root 157 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/3] system_u:system_r:kernel_t:s0 root 158 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/4] system_u:system_r:kernel_t:s0 root 159 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/5] system_u:system_r:kernel_t:s0 root 160 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/6] system_u:system_r:kernel_t:s0 root 161 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/7] system_u:system_r:kernel_t:s0 root 162 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/8] system_u:system_r:kernel_t:s0 root 163 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/9] system_u:system_r:kernel_t:s0 root 164 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/10] system_u:system_r:kernel_t:s0 root 165 0.0 0.0 0 0 ? S 10:17 0:00 [crypto/11] system_u:system_r:kernel_t:s0 root 170 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/0] system_u:system_r:kernel_t:s0 root 171 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/1] system_u:system_r:kernel_t:s0 root 172 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/2] system_u:system_r:kernel_t:s0 root 173 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/3] system_u:system_r:kernel_t:s0 root 174 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/4] system_u:system_r:kernel_t:s0 root 175 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/5] system_u:system_r:kernel_t:s0 root 176 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/6] system_u:system_r:kernel_t:s0 root 177 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/7] system_u:system_r:kernel_t:s0 root 178 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/8] system_u:system_r:kernel_t:s0 root 179 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/9] system_u:system_r:kernel_t:s0 root 180 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/10] system_u:system_r:kernel_t:s0 root 181 0.0 0.0 0 0 ? S 10:17 0:00 [kthrotld/11] system_u:system_r:kernel_t:s0 root 182 0.0 0.0 0 0 ? SN 10:17 0:06 [kipmi0] system_u:system_r:kernel_t:s0 root 184 0.0 0.0 0 0 ? S 10:17 0:00 [kpsmoused] system_u:system_r:kernel_t:s0 root 185 0.0 0.0 0 0 ? S 10:17 0:00 [usbhid_resumer] system_u:system_r:kernel_t:s0 root 216 0.0 0.0 0 0 ? S 10:17 0:00 [kstriped] system_u:system_r:kernel_t:s0 root 395 0.0 0.0 0 0 ? S 10:17 0:00 [scsi_eh_0] system_u:system_r:kernel_t:s0 root 396 0.0 0.0 0 0 ? S 10:17 0:00 [scsi_eh_1] system_u:system_r:kernel_t:s0 root 397 0.0 0.0 0 0 ? S 10:17 0:00 [scsi_eh_2] system_u:system_r:kernel_t:s0 root 398 0.0 0.0 0 0 ? S 10:17 0:00 [scsi_eh_3] system_u:system_r:kernel_t:s0 root 399 0.0 0.0 0 0 ? S 10:17 0:00 [scsi_eh_4] system_u:system_r:kernel_t:s0 root 400 0.0 0.0 0 0 ? S 10:17 0:00 [scsi_eh_5] system_u:system_r:kernel_t:s0 root 467 0.0 0.0 0 0 ? S 10:17 0:00 [kdmflush] system_u:system_r:kernel_t:s0 root 469 0.0 0.0 0 0 ? S 10:17 0:00 [kdmflush] system_u:system_r:kernel_t:s0 root 486 0.0 0.0 0 0 ? S 10:17 0:02 [jbd2/dm-0-8] system_u:system_r:kernel_t:s0 root 487 0.0 0.0 0 0 ? S 10:17 0:00 [ext4-dio-unwrit] system_u:system_r:udev_t:s0-s0:c0.c1023 root 581 0.0 0.0 11384 1472 ? S<s 10:17 0:00 /sbin/udevd -d system_u:system_r:kernel_t:s0 root 695 0.0 0.0 0 0 ? S 10:17 0:00 [edac-poller] system_u:system_r:kernel_t:s0 root 1086 0.0 0.0 0 0 ? S 10:17 0:00 [jbd2/sda1-8] system_u:system_r:kernel_t:s0 root 1087 0.0 0.0 0 0 ? S 10:17 0:00 [ext4-dio-unwrit] system_u:system_r:kernel_t:s0 root 1120 0.0 0.0 0 0 ? S 10:17 0:00 [kauditd] system_u:system_r:kernel_t:s0 root 1292 0.0 0.0 0 0 ? S 10:17 0:00 [flush-253:0] system_u:system_r:dhcpc_t:s0 root 1339 0.0 0.0 9120 776 ? Ss 10:18 0:00 /sbin/dhclient -H puma39.scl.lab.tlv.redhat.com -1 -q -cf /etc/dhcp/dhclient-eth2.conf -lf /var/lib/dhclient/dhclient-eth2.leases -pf /var/run/dhclient-eth2.pid eth2 system_u:system_r:syslogd_t:s0 root 1394 0.0 0.0 249088 1552 ? Sl 10:18 0:00 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5 system_u:system_r:kernel_t:s0 root 1417 0.0 0.0 0 0 ? S 10:18 0:02 [kondemand/0] system_u:system_r:kernel_t:s0 root 1418 0.0 0.0 0 0 ? S 10:18 0:01 [kondemand/1] system_u:system_r:kernel_t:s0 root 1419 0.0 0.0 0 0 ? S 10:18 0:00 [kondemand/2] system_u:system_r:kernel_t:s0 root 1420 0.0 0.0 0 0 ? S 10:18 0:00 [kondemand/3] system_u:system_r:kernel_t:s0 root 1421 0.0 0.0 0 0 ? S 10:18 0:01 [kondemand/4] system_u:system_r:kernel_t:s0 root 1422 0.0 0.0 0 0 ? S 10:18 0:00 [kondemand/5] system_u:system_r:kernel_t:s0 root 1423 0.0 0.0 0 0 ? S 10:18 0:01 [kondemand/6] system_u:system_r:kernel_t:s0 root 1424 0.0 0.0 0 0 ? S 10:18 0:00 [kondemand/7] system_u:system_r:kernel_t:s0 root 1425 0.0 0.0 0 0 ? S 10:18 0:00 [kondemand/8] system_u:system_r:kernel_t:s0 root 1426 0.0 0.0 0 0 ? S 10:18 0:00 [kondemand/9] system_u:system_r:kernel_t:s0 root 1427 0.0 0.0 0 0 ? S 10:18 0:00 [kondemand/10] system_u:system_r:kernel_t:s0 root 1428 0.0 0.0 0 0 ? S 10:18 0:02 [kondemand/11] system_u:system_r:irqbalance_t:s0 root 1449 0.0 0.0 10820 620 ? Ss 10:18 0:02 irqbalance --pid=/var/run/irqbalance.pid system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 dbus 5510 0.0 0.0 97344 1504 ? Ssl 10:18 0:00 dbus-daemon --system system_u:system_r:apmd_t:s0 root 5540 0.0 0.0 4080 644 ? Ss 10:18 0:00 /usr/sbin/acpid system_u:system_r:hald_t:s0 68 5549 0.0 0.0 37764 4328 ? Ssl 10:18 0:00 hald system_u:system_r:hald_t:s0 root 5550 0.0 0.0 20324 1328 ? S 10:18 0:00 hald-runner system_u:system_r:hald_t:s0 root 5580 0.0 0.0 22444 1280 ? S 10:18 0:00 hald-addon-input: Listening on /dev/input/event3 /dev/input/event0 /dev/input/event1 system_u:system_r:hald_t:s0 68 5589 0.0 0.0 17932 1136 ? S 10:18 0:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket system_u:system_r:sshd_t:s0-s0:c0.c1023 root 5621 0.0 0.0 66604 1240 ? Ss 10:18 0:00 /usr/sbin/sshd system_u:system_r:postfix_master_t:s0 root 5699 0.0 0.0 81272 3420 ? Ss 10:18 0:00 /usr/libexec/postfix/master system_u:system_r:postfix_qmgr_t:s0 postfix 5706 0.0 0.0 81528 3428 ? S 10:18 0:00 qmgr -l -t fifo -u system_u:system_r:abrt_t:s0-s0:c0.c1023 root 5723 0.0 0.0 110320 1016 ? Ss 10:18 0:00 /usr/sbin/abrtd system_u:system_r:crond_t:s0-s0:c0.c1023 root 5731 0.0 0.0 117332 1432 ? Ss 10:18 0:01 crond system_u:system_r:crond_t:s0-s0:c0.c1023 root 5742 0.0 0.0 21540 476 ? Ss 10:18 0:00 /usr/sbin/atd system_u:system_r:rhsmcertd_t:s0 root 5750 0.0 0.0 104016 680 ? Ss 10:18 0:00 /usr/bin/rhsmcertd system_u:system_r:getty_t:s0 root 5779 0.0 0.0 4064 580 tty1 Ss+ 10:18 0:00 /sbin/mingetty /dev/tty1 system_u:system_r:getty_t:s0 root 5781 0.0 0.0 4064 576 tty2 Ss+ 10:18 0:00 /sbin/mingetty /dev/tty2 system_u:system_r:getty_t:s0 root 5783 0.0 0.0 4064 580 tty3 Ss+ 10:18 0:00 /sbin/mingetty /dev/tty3 system_u:system_r:getty_t:s0 root 5785 0.0 0.0 4064 576 tty4 Ss+ 10:18 0:00 /sbin/mingetty /dev/tty4 system_u:system_r:getty_t:s0 root 5787 0.0 0.0 4064 580 tty5 Ss+ 10:18 0:00 /sbin/mingetty /dev/tty5 system_u:system_r:getty_t:s0 root 5789 0.0 0.0 4064 576 tty6 Ss+ 10:18 0:00 /sbin/mingetty /dev/tty6 system_u:system_r:udev_t:s0-s0:c0.c1023 root 5797 0.0 0.0 12304 2604 ? S< 10:18 0:00 /sbin/udevd -d system_u:system_r:udev_t:s0-s0:c0.c1023 root 5798 0.0 0.0 12304 2600 ? S< 10:18 0:00 /sbin/udevd -d system_u:system_r:getty_t:s0 root 5799 0.0 0.0 4080 628 ttyS0 Ss+ 10:18 0:00 /sbin/agetty /dev/ttyS0 115200 vt100-nav system_u:system_r:postfix_pickup_t:s0 postfix 13657 0.0 0.0 81356 3388 ? S 13:38 0:00 pickup -l -t fifo -u system_u:system_r:ntpd_t:s0 ntp 15419 0.0 0.0 30716 2108 ? Ss 10:20 0:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 15486 1.0 0.0 110240 1172 pts/0 R+ 14:26 0:00 ps auxwwZ unconfined_u:system_r:inetd_t:s0-s0:c0.c1023 root 17591 0.0 0.0 22180 968 ? Ss 10:30 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid unconfined_u:system_r:mysqld_safe_t:s0 root 17657 0.0 0.0 108168 1572 ? S 10:31 0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql unconfined_u:system_r:mysqld_t:s0 mysql 17815 0.1 0.1 598940 40788 ? Sl 10:31 0:18 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/lib/mysql/puma39.scl.lab.tlv.redhat.com.err --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock --port=3306 unconfined_u:system_r:named_t:s0 named 17859 0.0 0.0 477904 22268 ? Ssl 10:31 0:00 /usr/sbin/named -u named unconfined_u:system_r:dhcpd_t:s0 dhcpd 17984 0.0 0.0 46296 1488 ? Ss 10:32 0:00 /usr/sbin/dhcpd -user dhcpd -group dhcpd eth3 unconfined_u:system_r:httpd_t:s0 root 18041 0.0 0.0 209204 7276 ? Ss 10:32 0:00 /usr/sbin/httpd unconfined_u:system_r:passenger_t:s0 root 18097 0.0 0.0 214036 1784 ? Ssl 10:33 0:00 PassengerWatchdog unconfined_u:system_r:passenger_t:s0 root 18100 0.2 0.0 1168416 3748 ? Sl 10:33 0:32 PassengerHelperAgent unconfined_u:system_r:passenger_t:s0 nobody 18105 0.0 0.0 150480 3800 ? Sl 10:33 0:00 PassengerLoggingAgent unconfined_u:system_r:httpd_t:s0 apache 18115 0.0 0.0 209508 5728 ? S 10:33 0:03 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 apache 18116 0.0 0.0 209508 5728 ? S 10:33 0:04 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 apache 18117 0.0 0.0 209496 5768 ? S 10:33 0:04 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 apache 18118 0.0 0.0 209468 5728 ? S 10:33 0:04 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 apache 18119 0.0 0.0 209500 5752 ? S 10:33 0:04 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 apache 18120 0.0 0.0 209468 5772 ? S 10:33 0:03 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 apache 18121 0.0 0.0 209516 5792 ? S 10:33 0:04 /usr/sbin/httpd unconfined_u:system_r:httpd_t:s0 apache 18122 0.0 0.0 209500 5796 ? S 10:33 0:03 /usr/sbin/httpd unconfined_u:system_r:initrc_t:s0 497 18180 0.1 0.1 140928 46884 ? S 10:33 0:14 /usr/bin/ruby /usr/share/foreman-proxy/bin/smart-proxy unconfined_u:system_r:passenger_t:s0 foreman 18239 0.1 0.4 464612 146116 ? Sl 10:33 0:26 Passenger RackApp: /usr/share/foreman unconfined_u:system_r:passenger_t:s0 puppet 20466 0.6 0.5 273020 173008 ? Sl 11:12 1:13 Passenger RackApp: /etc/puppet/rack unconfined_u:system_r:httpd_t:s0 apache 20496 0.0 0.0 209508 5728 ? S 11:12 0:00 /usr/sbin/httpd system_u:system_r:sshd_t:s0-s0:c0.c1023 root 21238 0.0 0.0 100364 4112 ? Rs 11:30 0:00 sshd: root@pts/0 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 21243 0.0 0.0 108304 1924 pts/0 Ss 11:30 0:00 -bash Lukas, I think this may be a dupe of a BZ you are presently working for staypuft. Please have a look and close as dupe if appropriate. Putting this to MODIFIED because I believe this was tested with very old foreman-selinux package installed. Pleaase re-test with this package installed, latest build from brew should include it already today. Upstream builds that contain necessary work to get rid of these denials: https://github.com/theforeman/foreman-tasks/pull/54 https://github.com/theforeman/foreman-selinux/pull/18 (not yet merged) If you can upgrade to those (no brew builds yet) and re-test that would be fantastic: http://koji.katello.org/koji/taskinfo?taskID=111800 http://koji.katello.org/koji/taskinfo?taskID=112021 I think we can consider this to be dupe of https://bugzilla.redhat.com/show_bug.cgi?id=1092980 because in that BZ no package was most likely installed (or maybe the old version too - I don't have any info about that in the report). POST is better I guess, no downstream builds yet. The fix was merged upstream: https://github.com/theforeman/foreman-selinux/pull/18 This build does contain the necessary changes: http://koji.katello.org/koji/buildinfo?buildID=10897 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2014-1003.html |
openstack-foreman-installer: Multiple AVC errors in /var/log/messages after finish running foreman_server.sh. Environment (Puddle 2013-12-16.1): ----------------------------------- openstack-foreman-installer-1.0.0-1.el6ost.noarch puppet-server-3.2.4-3.el6_5.noarch puppet-3.2.4-3.el6_5.noarch packstack-modules-puppet-2013.2.1-0.20.dev936.el6ost.noarch ruby-1.8.7.352-13.el6.x86_64 rubygems-1.8.16-1.el6.noarch foreman-selinux-1.3.0-1.el6sat.noarch selinux-policy-3.7.19-231.el6.noarch selinux-policy-targeted-3.7.19-231.el6.noarch Steps: -------- - Attempt to deploy foreman server using foreman_server.sh. Results: ---------- - Installation finish successful . - AVCs Errors remain under /var/log/messages /var/log/messages (attached) ------------------------------- Dec 17 10:29:35 puma39 dbus: avc: received policyload notice (seqno=2) Dec 17 10:29:37 puma39 dbus: avc: received policyload notice (seqno=3) Dec 17 10:33:02 puma39 kernel: type=1400 audit(1387269182.837:6): avc: denied { search } for pid=18188 comm="PassengerHelper" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passe nger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir Dec 17 10:33:02 puma39 kernel: type=1400 audit(1387269182.837:7): avc: denied { read } for pid=18188 comm="PassengerHelper" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:p assenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 10:33:02 puma39 kernel: type=1400 audit(1387269182.837:8): avc: denied { open } for pid=18188 comm="PassengerHelper" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:p assenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 10:33:14 puma39 kernel: type=1400 audit(1387269194.886:9): avc: denied { name_connect } for pid=18244 comm="ruby" dest=9090 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=s ystem_u:object_r:websm_port_t:s0 tclass=tcp_socket Dec 17 10:39:58 puma39 kernel: type=1400 audit(1387269598.109:10): avc: denied { name_connect } for pid=18244 comm="ruby" dest=9090 scontext=unconfined_u:system_r:passenger_t:s0 tcontext= system_u:object_r:websm_port_t:s0 tclass=tcp_socket Dec 17 10:40:03 puma39 kernel: type=1400 audit(1387269603.002:11): avc: denied { search } for pid=18782 comm="ps" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tc ontext=system_u:object_r:sysfs_t:s0 tclass=dir Dec 17 10:40:03 puma39 kernel: type=1400 audit(1387269603.002:12): avc: denied { read } for pid=18782 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s 0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 10:40:03 puma39 kernel: type=1400 audit(1387269603.002:13): avc: denied { open } for pid=18782 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s 0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.115:14): avc: denied { relabelto } for pid=18794 comm="ruby" name="yaml" dev=dm-0 ino=15992250 scontext=unconfined_u:system_r:pas senger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=dir Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.128:15): avc: denied { relabelto } for pid=18794 comm="ruby" name="masterhttp.log" dev=dm-0 ino=15992648 scontext=unconfined_u:sy stem_r:passenger_t:s0 tcontext=system_u:object_r:puppet_log_t:s0 tclass=file Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.136:16): avc: denied { relabelto } for pid=18794 comm="ruby" name="puma39.scl.lab.tlv.redhat.com.pem" dev=dm-0 ino=16122798 scont ext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.419:17): avc: denied { name_bind } for pid=18819 comm="ruby" src=22417 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=sys tem_u:object_r:port_t:s0 tclass=udp_socket Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.892:18): avc: denied { execute } for pid=18823 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:pas senger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.893:19): avc: denied { execute_no_trans } for pid=18823 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unco nfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 10:42:40 puma39 kernel: type=1400 audit(1387269760.627:20): avc: denied { execute } for pid=18997 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:pas senger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 10:42:40 puma39 kernel: type=1400 audit(1387269760.627:21): avc: denied { execute_no_trans } for pid=18997 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unco nfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 10:42:41 puma39 kernel: type=1400 audit(1387269761.702:22): avc: denied { search } for pid=19042 comm="rpm" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 t context=system_u:object_r:sysfs_t:s0 tclass=dir Dec 17 10:42:41 puma39 kernel: type=1400 audit(1387269761.702:23): avc: denied { read } for pid=19042 comm="rpm" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t: s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 10:42:41 puma39 kernel: type=1400 audit(1387269761.702:24): avc: denied { open } for pid=19042 comm="rpm" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t: s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 10:42:43 puma39 kernel: type=1400 audit(1387269763.037:25): avc: denied { getattr } for pid=18819 comm="ruby" path="/sbin/iptables-multi-1.4.7" dev=dm-0 ino=21495887 scontext=uncon fined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file Dec 17 10:42:43 puma39 kernel: type=1400 audit(1387269763.038:26): avc: denied { execute } for pid=18819 comm="ruby" name="iptables-multi-1.4.7" dev=dm-0 ino=21495887 scontext=unconfined_ u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=fileDec 17 10:42:43 puma39 kernel: type=1400 audit(1387269763.040:27): avc: denied { read open } for pid=19100 comm="ruby" name="iptables-multi-1.4.7" dev=dm-0 ino=21495887 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file Dec 17 10:42:43 puma39 kernel: type=1400 audit(1387269763.040:28): avc: denied { execute_no_trans } for pid=19100 comm="ruby" path="/sbin/iptables-multi-1.4.7" dev=dm-0 ino=21495887 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file Dec 17 10:54:52 puma39 kernel: type=1400 audit(1387270492.145:29): avc: denied { execute } for pid=19452 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 10:54:52 puma39 kernel: type=1400 audit(1387270492.145:30): avc: denied { execute_no_trans } for pid=19452 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 11:01:03 puma39 kernel: type=1400 audit(1387270863.002:31): avc: denied { read } for pid=19952 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 11:01:03 puma39 kernel: type=1400 audit(1387270863.002:32): avc: denied { open } for pid=19952 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 11:01:08 puma39 kernel: type=1400 audit(1387270868.001:33): avc: denied { search } for pid=19954 comm="ps" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir Dec 17 11:10:28 puma39 kernel: type=1400 audit(1387271428.002:34): avc: denied { search } for pid=20198 comm="ps" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir Dec 17 11:11:22 puma39 kernel: type=1400 audit(1387271482.294:35): avc: denied { execute } for pid=20226 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 11:11:22 puma39 kernel: type=1400 audit(1387271482.295:36): avc: denied { execute_no_trans } for pid=20226 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 11:16:18 puma39 kernel: type=1400 audit(1387271778.002:37): avc: denied { read } for pid=20613 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 11:16:18 puma39 kernel: type=1400 audit(1387271778.002:38): avc: denied { open } for pid=20613 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 11:27:03 puma39 kernel: type=1400 audit(1387272423.002:39): avc: denied { execute } for pid=20883 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 11:27:03 puma39 kernel: type=1400 audit(1387272423.002:40): avc: denied { execute_no_trans } for pid=20883 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 11:30:33 puma39 kernel: type=1400 audit(1387272633.002:41): avc: denied { read } for pid=21256 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 11:30:33 puma39 kernel: type=1400 audit(1387272633.002:42): avc: denied { open } for pid=21256 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 11:31:53 puma39 kernel: type=1400 audit(1387272713.001:43): avc: denied { search } for pid=8173 comm="ps" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir Dec 17 11:31:53 puma39 kernel: type=1400 audit(1387272713.001:44): avc: denied { read } for pid=8173 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 11:31:53 puma39 kernel: type=1400 audit(1387272713.001:45): avc: denied { open } for pid=8173 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 11:41:23 puma39 kernel: type=1400 audit(1387273283.103:46): avc: denied { execute } for pid=8990 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 11:41:23 puma39 kernel: type=1400 audit(1387273283.103:47): avc: denied { execute_no_trans } for pid=8990 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 11:41:31 puma39 kernel: type=1400 audit(1387273291.252:48): avc: denied { getattr } for pid=20466 comm="ruby" path="/sbin/iptables-multi-1.4.7" dev=dm-0 ino=21495971 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file Dec 17 11:41:31 puma39 kernel: type=1400 audit(1387273291.252:49): avc: denied { execute } for pid=20466 comm="ruby" name="iptables-multi-1.4.7" dev=dm-0 ino=21495971 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file Dec 17 11:41:31 puma39 kernel: type=1400 audit(1387273291.254:50): avc: denied { read open } for pid=9109 comm="ruby" name="iptables-multi-1.4.7" dev=dm-0 ino=21495971 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file Dec 17 11:41:31 puma39 kernel: type=1400 audit(1387273291.255:51): avc: denied { execute_no_trans } for pid=9109 comm="ruby" path="/sbin/iptables-multi-1.4.7" dev=dm-0 ino=21495971 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file Dec 17 12:00:03 puma39 kernel: type=1400 audit(1387274403.002:52): avc: denied { search } for pid=9895 comm="ps" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir Dec 17 12:00:03 puma39 kernel: type=1400 audit(1387274403.002:53): avc: denied { read } for pid=9895 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 12:00:03 puma39 kernel: type=1400 audit(1387274403.002:54): avc: denied { open } for pid=9895 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file Dec 17 12:57:02 puma39 kernel: type=1400 audit(1387277822.628:55): avc: denied { execute } for pid=11925 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file Dec 17 12:57:02 puma39 kernel: type=1400 audit(1387277822.628:56): avc: denied { execute_no_trans } for pid=11925 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file