Bug 1104270
| Summary: | SELinux reoccurring avc: denied { name_connect } for pid=14925 comm="ruby" dest=9200 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Jan Hutař <jhutar> |
| Component: | SELinux | Assignee: | Lukas Zapletal <lzap> |
| Status: | CLOSED DUPLICATE | QA Contact: | Katello QA List <katello-qa-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | Nightly | CC: | bbuckingham |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-25 10:20:21 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. Hey, this will be fixed in the upcoming build. Unfortunately the latest two snaps did not contain valid selinux build. This was fixed some time ago. *** This bug has been marked as a duplicate of bug 1078265 *** |
Description of problem: SELinux reports reoccurring avc: denied { name_connect } for pid=14925 comm="ruby" dest=9200 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket Version-Release number of selected component (if applicable): Satellite-6.0.3-RHEL-6-20140529.0 # rpm -qa | grep selinux | sort candlepin-selinux-0.9.7-1.el6_5.noarch foreman-selinux-1.6.0-3.el6sat.noarch libselinux-2.0.94-5.3.el6_4.1.x86_64 libselinux-devel-2.0.94-5.3.el6_4.1.x86_64 libselinux-python-2.0.94-5.3.el6_4.1.x86_64 libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64 libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 pulp-selinux-2.4.0-0.18.beta.el6sat.noarch selinux-policy-3.7.19-231.el6.noarch selinux-policy-targeted-3.7.19-231.el6.noarch How reproducible: Looks like ti appears periodically about every 3 minutes Steps to Reproduce: Unknown Actual results: type=AVC msg=audit(1401814096.195:9181): avc: denied { name_connect } for pid=14925 comm="ruby" dest=9200 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1401814096.195:9181): arch=c000003e syscall=42 success=no exit=-111 a0=f a1=7fc6b922f610 a2=1c a3=ff00 items=0 ppid=1 pid=14925 auid=4294967295 uid=497 gid=498 euid=497 suid=497 fsuid=497 egid=498 sgid=498 fsgid=498 tty=(none) ses=4294967295 comm="ruby" exe="/opt/rh/ruby193/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null) Expected results: No AVC SELinux messages