Bug 1093609

Summary: ami-9b2651ab RHEL 7.0 x86_64 us-west-2
Product: Cloud Image Validation Reporter: Vitaly Kuznetsov <vkuznets>
Component: imagesAssignee: mkovacik
Status: CLOSED CURRENTRELEASE QA Contact: mkovacik
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: RHEL7.0Keywords: TestOnly
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-22 15:03:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
ami-9b2651ab.yaml none

Description Vitaly Kuznetsov 2014-05-02 08:13:11 UTC
Comment 1 Vitaly Kuznetsov 2014-05-02 08:13:13 UTC 
Created attachment 891743 [details]
ami-9b2651ab.yaml
Comment 2 Vitaly Kuznetsov 2014-05-02 08:13:18 UTC 
Validation failed for ami-9b2651ab in us-west-2 product: RHEL, version: 7.0, arch: x86_64

m3.xlarge
test stage1:testcase_01_bash_history succeeded
test stage1:testcase_02_selinux_context succeeded
test stage1:testcase_03_running_services succeeded
test stage1:testcase_06_inittab succeeded
test stage1:testcase_07_libc6_xen_conf succeeded
test stage1:testcase_08_memory succeeded
test stage1:testcase_09_nameserver succeeded
test stage1:testcase_10_networking succeeded
test stage1:testcase_11_package_set succeeded
test stage1:testcase_14_host_details succeeded
test stage1:testcase_15_rhel_version succeeded
test stage1:testcase_16_selinux succeeded
test stage1:testcase_17_shells succeeded
test stage1:testcase_18_sshd succeeded
test stage1:testcase_19_rhn_system_id succeeded
test stage1:testcase_20_auditd succeeded
test stage1:testcase_21_disk_size_format succeeded
test stage1:testcase_25_uname succeeded
test stage1:testcase_26_verify_rpms succeeded
test stage1:testcase_27_yum_repos failed
--->
	actual repos: {'rhui-REGION-client-config-server-7-beta': True, 'rhui-REGION-rhel-server-releases-beta': True, 'rhui-REGION-rhel-server-releases-debug-beta': False, 'rhui-REGION-rhel-server-releases-source-beta': False}
	expected repos: {'rhui-REGION-client-config-server-7': True, 'rhui-REGION-rhel-server-releases-debug': False, 'rhui-REGION-rhel-server-releases': True, 'rhui-REGION-rhel-server-releases-source': False}
	result: failed
<---
test stage1:testcase_31_subscription_management succeeded
test stage1:testcase_32_ephemeral succeeded
test stage1:testcase_33_userdata succeeded
test stage1:testcase_34_cpu succeeded
test stage1:testcase_35_console succeeded
test stage1:testcase_360_ebs succeeded
test stage1:testcase_39_root_is_locked succeeded
test stage1:testcase_41_rh_amazon_rhui_client failed
--->
	actual: 1
	command: rpm -q rh-amazon-rhui-client
	result: failed
<---
test stage1:testcase_50_yum_package_install succeeded
test stage1:testcase_55_yum_group_install failed
--->
	actual: 1
	command: yum -y groupinstall 'Development tools'
	result: failed
<---
--->
	actual: 1
	command: rpm -q glibc-devel
	result: failed
<---
test stage1:testcase_60_yum_update succeeded
test stage1:testcase_61_yum_proxy skipped
--->
	comment: No proxy set
	result: skip
<---
test stage1:testcase_62_cpuflags succeeded
test stage1:testcase_80_no_avc_denials succeeded
test stage1:testcase_99_reboot succeeded
test stage2:testcase_08_memory succeeded
test stage2:testcase_25_uname succeeded
test stage2:testcase_37_sshd_bug923996 succeeded
test stage2:testcase_62_cpuflags succeeded
test stage2:testcase_80_no_avc_denials failed
--->
	actual: echo START; grep 'avc:[[:space:]]*denied' /var/log/messages /var/log/audit/audit.log | grep -v userdata; echo END
START
/var/log/messages:May  2 03:53:39 ip-10-214-3-143 kernel: type=1400 audit(1399017218.937:4): avc:  denied  { write } for  pid=238 comm="systemd-sysctl" name="shmmax" dev="proc" ino=1279 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:53:39 ip-10-214-3-143 kernel: type=1400 audit(1399017218.950:5): avc:  denied  { write } for  pid=238 comm="systemd-sysctl" name="shmall" dev="proc" ino=1280 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:53:39 ip-10-214-3-143 kernel: type=1400 audit(1399017218.964:6): avc:  denied  { write } for  pid=238 comm="systemd-sysctl" name="sysrq" dev="proc" ino=1281 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:53:39 ip-10-214-3-143 kernel: type=1400 audit(1399017218.964:7): avc:  denied  { write } for  pid=238 comm="systemd-sysctl" name="core_uses_pid" dev="proc" ino=1282 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:53:39 ip-10-214-3-143 kernel: type=1400 audit(1399017218.964:8): avc:  denied  { write } for  pid=238 comm="systemd-sysctl" name="rp_filter" dev="proc" ino=1286 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:53:39 ip-10-214-3-143 kernel: type=1400 audit(1399017218.964:9): avc:  denied  { write } for  pid=238 comm="systemd-sysctl" name="accept_source_route" dev="proc" ino=1287 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:53:39 ip-10-214-3-143 kernel: type=1400 audit(1399017218.964:10): avc:  denied  { write } for  pid=238 comm="systemd-sysctl" name="protected_hardlinks" dev="proc" ino=1289 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017220.867:33): avc:  denied  { write } for  pid=573 comm="systemd-sysctl" name="shmmax" dev="proc" ino=1279 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017220.868:34): avc:  denied  { write } for  pid=573 comm="systemd-sysctl" name="shmall" dev="proc" ino=1280 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017220.868:35): avc:  denied  { write } for  pid=573 comm="systemd-sysctl" name="sysrq" dev="proc" ino=1281 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017220.868:36): avc:  denied  { write } for  pid=573 comm="systemd-sysctl" name="core_uses_pid" dev="proc" ino=1282 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017220.868:37): avc:  denied  { write } for  pid=573 comm="systemd-sysctl" name="rp_filter" dev="proc" ino=1286 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017220.868:38): avc:  denied  { write } for  pid=573 comm="systemd-sysctl" name="accept_source_route" dev="proc" ino=1287 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017220.868:39): avc:  denied  { write } for  pid=573 comm="systemd-sysctl" name="protected_hardlinks" dev="proc" ino=1289 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017220.868:40): avc:  denied  { write } for  pid=573 comm="systemd-sysctl" name="protected_symlinks" dev="proc" ino=1290 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017221.269:43): avc:  denied  { write } for  pid=726 comm="systemd-sysctl" name="shmmax" dev="proc" ino=1279 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017221.270:44): avc:  denied  { write } for  pid=726 comm="systemd-sysctl" name="shmall" dev="proc" ino=1280 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017221.270:45): avc:  denied  { write } for  pid=726 comm="systemd-sysctl" name="sysrq" dev="proc" ino=1281 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017221.270:46): avc:  denied  { write } for  pid=726 comm="systemd-sysctl" name="core_uses_pid" dev="proc" ino=1282 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017221.270:47): avc:  denied  { write } for  pid=726 comm="systemd-sysctl" name="rp_filter" dev="proc" ino=1286 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017221.270:48): avc:  denied  { write } for  pid=726 comm="systemd-sysctl" name="accept_source_route" dev="proc" ino=1287 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017221.270:49): avc:  denied  { write } for  pid=726 comm="systemd-sysctl" name="protected_hardlinks" dev="proc" ino=1289 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017221.270:50): avc:  denied  { write } for  pid=726 comm="systemd-sysctl" name="protected_symlinks" dev="proc" ino=1290 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
END
[root@ip-10-214-3-143 ~]# 
	command: echo START; grep 'avc:[[:space:]]*denied' /var/log/messages /var/log/audit/audit.log | grep -v userdata; echo END
	expectation: 
START
END

	result: failed
<---
Comment 3 Vitaly Kuznetsov 2014-05-02 08:17:12 UTC 
Verified:
rh-amazon-rhui-client-beta included,
content was not released to production rhui,
avc issues are not fixed in 3.10.0-54.0.1.el7 (https://bugzilla.redhat.com/show_bug.cgi?id=1071858)
Comment 4 mkovacik 2014-07-22 15:03:20 UTC 
housekeeping