Bug 1131955

Summary:

Instalation (load_policy) throws write selinux denial

Product:

Red Hat Satellite

Reporter:

Lukas Pramuk <lpramuk>

Component:

SELinux

Assignee:

Lukas Zapletal <lzap>

Status:

CLOSED ERRATA

QA Contact:

Tazim Kolhar <tkolhar>

Severity:

low

Docs Contact:

Priority:

unspecified

Version:

6.0.4

CC:

cwelton, dcleal, jhutar, lpramuk, mgrepl, tkolhar

Target Milestone:

Unspecified

Keywords:

Triaged

Target Release:

Unused

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2015-08-12 05:15:02 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
foreman-debug	none

Description Lukas Pramuk 2014-08-20 11:42:24 UTC

Description of problem:
Instalation (load_policy) throws write selinux denial.
 avc:  denied  { write } for  pid=16796 comm="load_policy" path="/tmp/puppet20140819-19748-14ub799-0" dev=dm-0 ino=1837565 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023

Version-Release number of selected component (if applicable):
Satellite-6.0.4-RHEL-6-20140813.2

How reproducible:
2 of 2 (once per instalation)

Steps to Reproduce:
1.Install Satellite 6 on RHEL6

Actual results:
time->Tue Aug 19 20:23:17 2014
type=SYSCALL msg=audit(1408494197.904:215): arch=c000003e syscall=59 success=yes exit=0 a0=3d83f80 a1=4135920 a2=0 a3=12 items=0 ppid=3775 pid=4231 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1408494197.904:215): avc:  denied  { write } for  pid=4231 comm="load_policy" path="/tmp/puppet20140819-5963-f89wh6-0" dev=dm-0 ino=2507669 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1408494197.904:215): avc:  denied  { write } for  pid=4231 comm="load_policy" path="/tmp/puppet20140819-5963-f89wh6-0" dev=dm-0 ino=2507669 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
---
time->Tue Aug 19 19:55:05 2014
type=SYSCALL msg=audit(1408492505.443:197): arch=c000003e syscall=59 success=yes exit=0 a0=3a0df80 a1=3dbf920 a2=0 a3=12 items=0 ppid=16639 pid=16796 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1408492505.443:197): avc:  denied  { write } for  pid=16796 comm="load_policy" path="/tmp/puppet20140819-19748-14ub799-0" dev=dm-0 ino=1837565 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1408492505.443:197): avc:  denied  { write } for  pid=16796 comm="load_policy" path="/tmp/puppet20140819-19748-14ub799-0" dev=dm-0 ino=1837565 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file


Expected results:
No AVCs are reported

Comment 1 RHEL Program Management 2014-08-20 11:52:59 UTC

Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 3 Lukas Zapletal 2014-08-20 20:04:02 UTC

Is the policy loaded?

semodule -l | grep foreman

Does it load properly?

foreman-selinux-enable

What are the domains?

ps axuwwwZ

Are your files correctly labeled?

foreman-selinux-relabel -nv

Please attach foreman-debug tarball or sosreport.

Comment 7 Miroslav Grepl 2014-08-25 18:36:54 UTC

This is a leak coming from puppet.

Comment 8 Lukas Zapletal 2014-08-25 19:07:14 UTC

Harmless, looks like a candidate for:

http://projects.theforeman.org/issues/7249

We can dontaudit this, we should not see this on RHEL7 (EPEL7) puppet.

Comment 9 Miroslav Grepl 2014-08-26 06:54:27 UTC

Yes, just dontaudit it.

Comment 11 Lukas Zapletal 2014-08-27 15:06:54 UTC

The rule is:

require {
        type load_policy_t;
}

#============= load_policy_t ==============
userdom_write_inherited_user_tmp_files(load_policy_t)

Comment 12 Miroslav Grepl 2014-08-28 13:30:53 UTC

Lukas,
we have

userdom_dontaudit_read_user_tmp_files(load_policy_t)

in Fedora/RHEL7.

Comment 15 Tazim Kolhar 2014-11-21 11:25:25 UTC

VERIFIED:

*** This bug is verified in upstream. This fix should eventually land in future downstream builds ***

Version Tested:
# rpm -qa | grep foreman
ruby193-rubygem-foreman_hooks-0.3.7-2.el7.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3-2.201409091410git163c264.git.0.988ca80.el7.noarch
ruby193-rubygem-foreman_abrt-0.0.4-1.el7.noarch
ruby193-rubygem-foreman_docker-0.2.0-2.el7.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2-1.el7.noarch
rubygem-hammer_cli_foreman-0.1.3-1.201411121216git9381fc5.el7.noarch
hp-dl380pgen8-02-vm-6.lab.bos.redhat.com-foreman-client-1.0-1.noarch
foreman-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-ovirt-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
ruby193-rubygem-foreman-tasks-0.6.9-1.el7.noarch
ruby193-rubygem-foreman_discovery-1.4.0-2.el7.noarch
foreman-postgresql-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-compute-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-gce-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-libvirt-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-vmware-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-selinux-1.8.0-0.develop.201410280941git10de1c5.el7.noarch
foreman-proxy-1.8.0-0.develop.201411121327gitab6edc2.el7.noarch
hp-dl380pgen8-02-vm-6.lab.bos.redhat.com-foreman-proxy-1.0-1.noarch
foreman-release-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch

# semodule -l | grep foreman
foreman	1.8.0.0	

# foreman-selinux-enable

# ps axuwwwZ
LABEL                           USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
system_u:system_r:init_t:s0     root         1  0.0  0.1 132764  6048 ?        Ss   Nov17   0:13 /usr/lib/systemd/systemd --system --deserialize 26
system_u:system_r:kernel_t:s0   root         2  0.0  0.0      0     0 ?        S    Nov17   0:00 [kthreadd]
system_u:system_r:kernel_t:s0   root         3  0.0  0.0      0     0 ?        S    Nov17   0:00 [ksoftirqd/0]
system_u:system_r:kernel_t:s0   root         5  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kworker/0:0H]
system_u:system_r:kernel_t:s0   root         7  0.0  0.0      0     0 ?        S    Nov17   0:02 [migration/0]
system_u:system_r:kernel_t:s0   root         8  0.0  0.0      0     0 ?        S    Nov17   0:00 [rcu_bh]
system_u:system_r:kernel_t:s0   root         9  0.0  0.0      0     0 ?        S    Nov17   0:00 [rcuob/0]
system_u:system_r:kernel_t:s0   root        10  0.0  0.0      0     0 ?        S    Nov17   0:00 [rcuob/1]
system_u:system_r:kernel_t:s0   root        11  0.0  0.0      0     0 ?        S    Nov17   0:18 [rcu_sched]
system_u:system_r:kernel_t:s0   root        12  0.0  0.0      0     0 ?        S    Nov17   0:21 [rcuos/0]
system_u:system_r:kernel_t:s0   root        13  0.0  0.0      0     0 ?        S    Nov17   0:14 [rcuos/1]
system_u:system_r:kernel_t:s0   root        14  0.0  0.0      0     0 ?        S    Nov17   0:01 [watchdog/0]
system_u:system_r:kernel_t:s0   root        15  0.0  0.0      0     0 ?        S    Nov17   0:01 [watchdog/1]
system_u:system_r:kernel_t:s0   root        16  0.0  0.0      0     0 ?        S    Nov17   0:02 [migration/1]
system_u:system_r:kernel_t:s0   root        17  0.0  0.0      0     0 ?        S    Nov17   0:00 [ksoftirqd/1]
system_u:system_r:kernel_t:s0   root        19  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kworker/1:0H]
system_u:system_r:kernel_t:s0   root        20  0.0  0.0      0     0 ?        S<   Nov17   0:00 [khelper]
system_u:system_r:kernel_t:s0   root        21  0.0  0.0      0     0 ?        S    Nov17   0:00 [kdevtmpfs]
system_u:system_r:kernel_t:s0   root        22  0.0  0.0      0     0 ?        S<   Nov17   0:00 [netns]
system_u:system_r:kernel_t:s0   root        23  0.0  0.0      0     0 ?        S<   Nov17   0:00 [writeback]
system_u:system_r:kernel_t:s0   root        24  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kintegrityd]
system_u:system_r:kernel_t:s0   root        25  0.0  0.0      0     0 ?        S<   Nov17   0:00 [bioset]
system_u:system_r:kernel_t:s0   root        26  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kblockd]
system_u:system_r:kernel_t:s0   root        27  0.0  0.0      0     0 ?        S    Nov17   0:00 [khubd]
system_u:system_r:kernel_t:s0   root        28  0.0  0.0      0     0 ?        S<   Nov17   0:00 [md]
system_u:system_r:kernel_t:s0   root        32  0.0  0.0      0     0 ?        S    Nov17   0:01 [kswapd0]
system_u:system_r:kernel_t:s0   root        33  0.0  0.0      0     0 ?        SN   Nov17   0:00 [ksmd]
system_u:system_r:kernel_t:s0   root        34  0.0  0.0      0     0 ?        SN   Nov17   0:02 [khugepaged]
system_u:system_r:kernel_t:s0   root        35  0.0  0.0      0     0 ?        S    Nov17   0:00 [fsnotify_mark]
system_u:system_r:kernel_t:s0   root        36  0.0  0.0      0     0 ?        S<   Nov17   0:00 [crypto]
system_u:system_r:kernel_t:s0   root        45  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kthrotld]
system_u:system_r:kernel_t:s0   root        47  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kmpath_rdacd]
system_u:system_r:kernel_t:s0   root        48  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kpsmoused]
system_u:system_r:kernel_t:s0   root        67  0.0  0.0      0     0 ?        S<   Nov17   0:00 [deferwq]
system_u:system_r:kernel_t:s0   root        94  0.0  0.0      0     0 ?        S    Nov17   0:00 [kauditd]
system_u:system_r:kernel_t:s0   root       245  0.0  0.0      0     0 ?        S<   Nov17   0:00 [ata_sff]
system_u:system_r:kernel_t:s0   root       246  0.0  0.0      0     0 ?        S    Nov17   0:00 [scsi_eh_0]
system_u:system_r:kernel_t:s0   root       249  0.0  0.0      0     0 ?        S    Nov17   0:00 [kworker/u4:2]
system_u:system_r:kernel_t:s0   root       252  0.0  0.0      0     0 ?        S<   Nov17   0:00 [scsi_tmf_0]
system_u:system_r:kernel_t:s0   root       254  0.0  0.0      0     0 ?        S    Nov17   0:00 [scsi_eh_1]
system_u:system_r:kernel_t:s0   root       255  0.0  0.0      0     0 ?        S<   Nov17   0:00 [scsi_tmf_1]
system_u:system_r:kernel_t:s0   root       259  0.0  0.0      0     0 ?        S<   Nov17   0:00 [ttm_swap]
system_u:system_r:kernel_t:s0   root       333  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kdmflush]
system_u:system_r:kernel_t:s0   root       334  0.0  0.0      0     0 ?        S<   Nov17   0:00 [bioset]
system_u:system_r:kernel_t:s0   root       341  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kdmflush]
system_u:system_r:kernel_t:s0   root       342  0.0  0.0      0     0 ?        S<   Nov17   0:00 [bioset]
system_u:system_r:kernel_t:s0   root       355  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfsalloc]
system_u:system_r:kernel_t:s0   root       356  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs_mru_cache]
system_u:system_r:kernel_t:s0   root       357  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfslogd]
system_u:system_r:kernel_t:s0   root       358  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-data/dm-1]
system_u:system_r:kernel_t:s0   root       359  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-conv/dm-1]
system_u:system_r:kernel_t:s0   root       360  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-cil/dm-1]
system_u:system_r:kernel_t:s0   root       361  0.0  0.0      0     0 ?        S<   Nov17   0:02 [kworker/1:1H]
system_u:system_r:kernel_t:s0   root       362  0.0  0.0      0     0 ?        S    Nov17   0:09 [xfsaild/dm-1]
system_u:system_r:syslogd_t:s0  root       434  0.0  0.3  51184 11856 ?        Ss   Nov17   0:17 /usr/lib/systemd/systemd-journald
system_u:system_r:lvm_t:s0      root       438  0.0  0.0 115016  1528 ?        Ss   Nov17   0:00 /usr/sbin/lvmetad -f
system_u:system_r:kernel_t:s0   root       453  0.0  0.0      0     0 ?        S<   Nov17   0:00 [rpciod]
system_u:system_r:kernel_t:s0   root       484  0.0  0.0      0     0 ?        S    Nov17   0:00 [vballoon]
system_u:system_r:kernel_t:s0   root       524  0.0  0.0      0     0 ?        S<   Nov17   0:00 [hd-audio0]
system_u:system_r:kernel_t:s0   root       542  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-data/vda1]
system_u:system_r:kernel_t:s0   root       543  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-conv/vda1]
system_u:system_r:kernel_t:s0   root       544  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-cil/vda1]
system_u:system_r:kernel_t:s0   root       545  0.0  0.0      0     0 ?        S    Nov17   0:00 [xfsaild/vda1]
system_u:system_r:auditd_t:s0   root       551  0.0  0.0  51136   872 ?        S<sl Nov17   0:00 /sbin/auditd -n
system_u:system_r:avahi_t:s0    avahi      582  0.0  0.0  28068  1048 ?        Ss   Nov17   1:44 avahi-daemon: running [hp-dl380pgen8-02-vm-6.local]
system_u:system_r:NetworkManager_t:s0 root 583  0.0  0.1 451908  6232 ?        Ssl  Nov17   0:34 /usr/sbin/NetworkManager --no-daemon
system_u:system_r:irqbalance_t:s0 root     586  0.0  0.0  19112   768 ?        Ss   Nov17   0:12 /usr/sbin/irqbalance --foreground
system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 dbus 590 0.0  0.0 100680 1856 ? Ssl Nov17   0:07 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
system_u:system_r:avahi_t:s0    avahi      601  0.0  0.0  27944   168 ?        S    Nov17   0:00 avahi-daemon: chroot helper
system_u:system_r:getty_t:s0-s0:c0.c1023 root 608 0.0  0.0 110004 544 ttyS0    Ss+  Nov17   0:00 /sbin/agetty --keep-baud ttyS0 115200 38400 9600
system_u:system_r:getty_t:s0-s0:c0.c1023 root 609 0.0  0.0 110004 540 tty1     Ss+  Nov17   0:00 /sbin/agetty --noclear tty1
system_u:system_r:mdadm_t:s0    root       620  0.0  0.0   7828  1616 ?        Ss   Nov17   0:01 /sbin/iprinit --daemon
system_u:system_r:mdadm_t:s0    root       622  0.0  0.0   7828  1616 ?        Ss   Nov17   0:01 /sbin/iprupdate --daemon
system_u:system_r:mdadm_t:s0    root       632  0.0  0.0  39124    12 ?        Ss   Nov17   0:00 /sbin/iprdump --daemon
system_u:system_r:policykit_t:s0 polkitd   642  0.0  0.1 513992  4044 ?        Ssl  Nov17   0:00 /usr/lib/polkit-1/polkitd --no-debug
system_u:system_r:dhcpc_t:s0    root       662  0.0  0.3 102312 13232 ?        S    Nov17   0:00 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-eth0.pid -lf /var/lib/NetworkManager/dhclient-99372c8b-deab-432a-8ab3-675f19f08352-eth0.lease -cf /var/lib/NetworkManager/dhclient-eth0.conf eth0
system_u:system_r:rpcbind_t:s0  rpc        901  0.0  0.0  39900  1072 ?        Ss   Nov17   0:00 /sbin/rpcbind -w
system_u:system_r:rpcd_t:s0     rpcuser    923  0.0  0.0  44472  1476 ?        Ss   Nov17   0:00 /sbin/rpc.statd
system_u:system_r:sendmail_t:s0 root       952  0.0  0.0  92916  2512 ?        Ss   Nov17   0:09 sendmail: accepting connections
system_u:system_r:sshd_t:s0-s0:c0.c1023 root 996 0.0  0.0 82956  2144 ?        Ss   Nov17   0:00 /usr/sbin/sshd -D
system_u:system_r:sendmail_t:s0 smmsp     1047  0.0  0.0  88360  1940 ?        Ss   Nov17   0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
system_u:system_r:abrt_t:s0-s0:c0.c1023 root 2331 0.0  0.1 212120 5328 ?       Ss   Nov20   0:00 /usr/sbin/abrtd -d -s
system_u:system_r:cupsd_t:s0-s0:c0.c1023 root 2570 0.0  0.0 177876 3792 ?      Ss   Nov20   0:00 /usr/sbin/cupsd -f
system_u:system_r:kernel_t:s0   root      3047  0.0  0.0      0     0 ?        S<   Nov20   0:00 [bioset]
system_u:system_r:httpd_t:s0    root      3592  0.0  0.2 185760  9396 ?        Ss   Nov20   0:05 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:passenger_t:s0 root     3614  0.0  0.0 214752  1792 ?        Ssl  Nov20   0:00 PassengerWatchdog
system_u:system_r:passenger_t:s0 root     3617  0.2  0.1 1028984 4280 ?        Sl   Nov20   2:40 PassengerHelperAgent
system_u:system_r:passenger_t:s0 nobody   3623  0.0  0.0 219576  3840 ?        Sl   Nov20   0:00 PassengerLoggingAgent
system_u:system_r:httpd_t:s0    apache    3633  0.0  1.6 933356 65196 ?        Sl   Nov20   0:28 (wsgi:pulp)     -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3634  0.0  0.2 188308 10740 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3635  0.0  0.2 188340 10748 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3636  0.0  0.2 188236 10628 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3637  0.0  0.2 188360 10740 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3638  0.0  0.2 188404 10808 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3639  0.0  0.2 188336 10720 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3640  0.0  0.2 188308 10720 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3641  0.0  0.2 188324 10724 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    4695  0.0  0.2 188324 10692 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    4709  0.0  0.2 188452 10852 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    4710  0.0  0.2 188240 10600 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:passenger_t:s0 puppet   5165  0.0  1.5 294900 59608 ?        Sl   Nov20   0:10 Passenger RackApp: /etc/puppet/rack
system_u:system_r:kernel_t:s0   root      6585  0.0  0.0      0     0 ?        S    Nov20   0:00 [kworker/0:0]
system_u:system_r:kernel_t:s0   root      7520  0.0  0.0      0     0 ?        S<   Nov17   0:01 [kworker/0:1H]
system_u:system_r:init_t:s0     foreman+  8447  0.0  1.6 472868 65840 ?        Sl   Nov20   0:14 ruby /usr/share/foreman-proxy/bin/smart-proxy
system_u:system_r:passenger_t:s0 foreman  9401  0.0  9.1 907632 354700 ?       Sl   Nov20   0:44 Passenger RackApp: /usr/share/foreman
system_u:system_r:postgresql_t:s0 postgres 9405 0.0  0.2 234580  8220 ?        Ss   Nov20   0:00 postgres: foreman foreman [local] idle
system_u:system_r:postgresql_t:s0 postgres 9547 0.0  0.4 237092 15616 ?        Ss   Nov20   0:01 postgres: foreman foreman [local] idle
system_u:system_r:init_t:s0     root      9933  0.0  0.4 262504 16384 ?        Ss   Nov17   0:00 /usr/bin/python /usr/bin/beah-srv
system_u:system_r:init_t:s0     root      9934  0.0  0.5 273988 21896 ?        Ss   Nov17   0:03 /usr/bin/python /usr/bin/beah-beaker-backend
system_u:system_r:init_t:s0     root      9935  0.0  0.3 245160 15280 ?        Ss   Nov17   0:00 /usr/bin/python /usr/bin/beah-fwd-backend
system_u:system_r:init_t:s0     root     10373  0.0  0.5 167044 20384 ?        S    Nov17   1:03 /usr/bin/python /usr/bin/beah-rhts-task
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 11515 0.0  0.1 133432 4864 ? Ds 01:27   0:00 sshd: root@pts/0
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 11521 0.0  0.0 115352 2024 pts/0 Ss 01:27   0:00 -bash
system_u:system_r:syslogd_t:s0  root     17739  0.0  0.2 303512 10808 ?        Ssl  Nov20   0:03 /usr/sbin/rsyslogd -n
system_u:system_r:tuned_t:s0    root     17776  0.0  0.4 549984 17380 ?        Ssl  Nov20   0:08 /usr/bin/python -Es /usr/sbin/tuned -l -P
system_u:system_r:crond_t:s0-s0:c0.c1023 root 17857 0.0  0.0 25928 936 ?       Ss   Nov20   0:00 /usr/sbin/atd -f
system_u:system_r:rhsmcertd_t:s0 root    17877  0.0  0.0 113280   700 ?        Ss   Nov20   0:00 /usr/bin/rhsmcertd
system_u:system_r:systemd_logind_t:s0 root 17908 0.0  0.0 34684  1624 ?        Ss   Nov20   0:01 /usr/lib/systemd/systemd-logind
system_u:system_r:kernel_t:s0   root     24470  0.0  0.0      0     0 ?        S    Nov20   0:00 [kworker/u4:1]
system_u:system_r:kernel_t:s0   root     27043  0.0  0.0      0     0 ?        R    04:30   0:00 [kworker/0:2]
system_u:system_r:httpd_t:s0    apache   28337  0.0  0.2 188192 10468 ?        S    05:03   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache   28341  0.0  0.2 188208 10572 ?        S    05:03   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache   28342  0.0  0.2 188216 10568 ?        S    05:03   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:initrc_t:s0   elastic+ 28599  0.2  5.1 1723788 201176 ?      Sl   Nov20   3:48 java -Xms256m -Xmx256m -Xss256k -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Delasticsearch -Des.pidfile=/var/run/elasticsearch/elasticsearch.pid -Des.path.home=/usr/share/java/elasticsearch -cp :/usr/share/java/elasticsearch/lib/elasticsearch-0.90.10.jar:/usr/share/java/lucene4-core.jar:/usr/share/java/lucene4-contrib/*:/usr/share/java/sigar/sigar.jar -Des.config=/etc/elasticsearch/elasticsearch.yml -Des.path.conf=/etc/elasticsearch -Des.path.home=/usr/share/java/elasticsearch -Des.path.logs=/var/log/elasticsearch -Des.path.data=/var/lib/elasticsearch -Des.path.work=/tmp/elasticsearch -Des.path.plugins=/usr/share/java/elasticsearch/plugins org.elasticsearch.bootstrap.ElasticSearch
system_u:system_r:ntpd_t:s0     ntp      28808  0.0  0.0  29360  1424 ?        Ss   Nov20   0:03 /usr/sbin/ntpd -u ntp:ntp -g
system_u:system_r:passenger_t:s0 foreman 29184  1.4  7.1 1215032 277696 ?      Sl   05:17   0:51 dynflow_executor
system_u:system_r:postgresql_t:s0 postgres 29209 0.0  0.2 234632 8824 ?        Ss   05:18   0:01 postgres: foreman foreman [local] idle
system_u:system_r:postgresql_t:s0 postgres 29216 0.0  0.1 234576 7692 ?        Ss   05:18   0:00 postgres: foreman foreman [local] idle
system_u:system_r:postgresql_t:s0 postgres 29218 0.0  0.1 234576 6944 ?        Ss   05:18   0:00 postgres: foreman foreman [local] idle
system_u:system_r:crond_t:s0-s0:c0.c1023 root 29231 0.0  0.0 126332 1656 ?     Ss   Nov20   0:01 /usr/sbin/crond -n
system_u:system_r:postgresql_t:s0 postgres 29238 0.0  0.2 232552 9048 ?        S    Nov20   0:02 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
system_u:system_r:postgresql_t:s0 postgres 29239 0.0  0.0 192296 1876 ?        Ss   Nov20   0:00 postgres: logger process   
system_u:system_r:postgresql_t:s0 postgres 29241 0.0  0.4 232792 17100 ?       Ss   Nov20   0:01 postgres: checkpointer process   
system_u:system_r:postgresql_t:s0 postgres 29242 0.0  0.0 232552 2132 ?        Ss   Nov20   0:00 postgres: writer process   
system_u:system_r:postgresql_t:s0 postgres 29243 0.0  0.0 232552 2308 ?        Ss   Nov20   0:00 postgres: wal writer process   
system_u:system_r:postgresql_t:s0 postgres 29244 0.0  0.0 233688 3392 ?        Ss   Nov20   0:02 postgres: autovacuum launcher process   
system_u:system_r:postgresql_t:s0 postgres 29245 0.0  0.0 192692 2224 ?        Ss   Nov20   0:07 postgres: stats collector process   
system_u:system_r:udev_t:s0-s0:c0.c1023 root 29264 0.0  0.0 44232 3332 ?       Ss   Nov20   0:00 /usr/lib/systemd/systemd-udevd
system_u:system_r:mongod_t:s0   mongodb  29472  0.3  1.1 696436 43448 ?        Sl   Nov20   5:17 /usr/bin/mongod --quiet -f /etc/mongodb.conf run
system_u:system_r:init_t:s0     root     30056  0.0  1.2 259008 47640 ?        Ssl  Nov20   0:03 /usr/bin/ruby /usr/bin/puppet agent  --no-daemonize
system_u:system_r:postgresql_t:s0 postgres 30322 0.0  0.2 234844 7900 ?        Ss   05:43   0:00 postgres: candlepin candlepin 127.0.0.1(57699) idle
system_u:system_r:kernel_t:s0   root     30381  0.0  0.0      0     0 ?        S    05:44   0:00 [kworker/1:0]
system_u:system_r:qpidd_t:s0    qpidd    30832  0.1  1.1 352640 42908 ?        Ssl  Nov20   2:26 /usr/sbin/qpidd --config /etc/qpid/qpidd.conf
system_u:system_r:tomcat_t:s0   tomcat   31021  0.3  8.6 2521024 337632 ?      Sl   Nov20   4:09 java -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
system_u:system_r:postgresql_t:s0 postgres 31070 0.0  0.2 235172 8660 ?        Ss   Nov20   0:00 postgres: candlepin candlepin 127.0.0.1(38651) idle
system_u:system_r:kernel_t:s0   root     31415  0.0  0.0      0     0 ?        S    06:05   0:00 [kworker/1:1]
system_u:system_r:postgresql_t:s0 postgres 31421 0.0  0.1 235032 7216 ?        Ss   06:05   0:00 postgres: candlepin candlepin 127.0.0.1(58125) idle
system_u:system_r:postgresql_t:s0 postgres 31422 0.0  0.1 234848 7560 ?        Ss   06:05   0:00 postgres: candlepin candlepin 127.0.0.1(58126) idle
system_u:system_r:postgresql_t:s0 postgres 31423 0.0  0.1 234848 7576 ?        Ss   06:05   0:00 postgres: candlepin candlepin 127.0.0.1(58127) idle
system_u:system_r:postgresql_t:s0 postgres 31424 0.0  0.1 234848 7504 ?        Ss   06:05   0:00 postgres: candlepin candlepin 127.0.0.1(58128) idle
system_u:system_r:kernel_t:s0   root     31563  0.0  0.0      0     0 ?        S    06:10   0:00 [kworker/1:2]
system_u:system_r:celery_t:s0   apache   31620  0.5  0.6 696172 26880 ?        Ssl  Nov20   8:05 /usr/bin/python /usr/bin/celery beat --scheduler=pulp.server.async.scheduler.Scheduler
system_u:system_r:celery_t:s0   apache   31685  0.2  1.3 640224 51356 ?        Ssl  Nov20   3:27 /usr/bin/python /usr/bin/celery worker -A pulp.server.async.app -n resource_manager@%h -Q resource_manager -c 1 --events --umask 18
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 31709 0.0  0.0 130184 1448 pts/0 R+ 06:14   0:00 ps axuwwwZ
system_u:system_r:celery_t:s0   apache   31747  0.2  1.3 640184 51396 ?        Ssl  Nov20   3:25 /usr/bin/python /usr/bin/celery worker -n reserved_resource_worker-0@%h -A pulp.server.async.app -c 1 --events --umask 18
system_u:system_r:celery_t:s0   apache   31749  0.2  1.2 640224 49248 ?        Ssl  Nov20   3:23 /usr/bin/python /usr/bin/celery worker -n reserved_resource_worker-1@%h -A pulp.server.async.app -c 1 --events --umask 18
system_u:system_r:celery_t:s0   apache   31780  0.0  1.0 415820 40964 ?        S    Nov20   0:00 /usr/bin/python /usr/bin/celery worker -A pulp.server.async.app -n resource_manager@%h -Q resource_manager -c 1 --events --umask 18
system_u:system_r:celery_t:s0   apache   31828  0.0  1.0 417184 42452 ?        S    Nov20   0:00 /usr/bin/python /usr/bin/celery worker -n reserved_resource_worker-0@%h -A pulp.server.async.app -c 1 --events --umask 18
system_u:system_r:celery_t:s0   apache   31846  0.0  1.0 415952 41248 ?        S    Nov20   0:00 /usr/bin/python /usr/bin/celery worker -n reserved_resource_worker-1@%h -A pulp.server.async.app -c 1 --events --umask 18
system_u:system_r:passenger_t:s0 foreman 32383  0.0  2.7 538456 107888 ?       Sl   Nov20   0:00 dynflow_executor_monitor
[root@hp-dl380pgen8-02-vm-6 ~]# foreman-selinux-relabel -nv
/sbin/restorecon reset /usr/share/foreman/config/hooks context system_u:object_r:bin_t:s0->system_u:object_r:foreman_hook_t:s0
/sbin/restorecon reset /etc/foreman context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/database.yml context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/email.yaml context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/plugins context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/plugins/katello context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/plugins/katello/client.conf context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/plugins/katello.yaml context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/settings.yaml context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/encryption_key.rb context unconfined_u:object_r:etc_t:s0->unconfined_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/client_cert.pem context unconfined_u:object_r:etc_t:s0->unconfined_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/client_key.pem context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/proxy_ca.pem context unconfined_u:object_r:etc_t:s0->unconfined_u:object_r:foreman_config_t:s0

Comment 16 Tazim Kolhar 2014-11-21 11:26:02 UTC

Created attachment 959659 [details]
foreman-debug

Comment 17 Bryan Kearney 2015-08-11 13:22:41 UTC

This bug is slated to be released with Satellite 6.1.

Comment 18 errata-xmlrpc 2015-08-12 05:15:02 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1592