Description of problem:
after installation and systemctl start ovirt-guest-agent i see following:
# systemctl status -l ovirt-guest-agent -l
ovirt-guest-agent.service - oVirt Guest Agent
Loaded: loaded (/usr/lib/systemd/system/ovirt-guest-agent.service; enabled)
Active: active (running) since Fri 2014-10-03 11:11:39 EDT; 47s ago
Process: 19852 ExecStartPre=/bin/chown ovirtagent:ovirtagent /run/ovirt-guest-agent.pid (code=exited, status=0/SUCCESS)
Process: 19850 ExecStartPre=/bin/touch /run/ovirt-guest-agent.pid (code=exited, status=0/SUCCESS)
Process: 19848 ExecStartPre=/sbin/modprobe virtio_console (code=exited, status=0/SUCCESS)
Main PID: 19856 (python)
CGroup: /system.slice/ovirt-guest-agent.service
└─19856 /usr/bin/python /usr/share/ovirt-guest-agent/ovirt-guest-agent.py
Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: File "/usr/share/ovirt-guest-agent/LockActiveSession.py", line 78, in GetSession
Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: for session_path in GetSessions(manager):
Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: File "/usr/share/ovirt-guest-agent/LockActiveSession.py", line 71, in GetSessions
Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: return [x[4] for x in manager.ListSessions()]
Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: **keywords)
Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: message, timeout)
Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: DBusException: org.freedesktop.DBus.Error.AccessDenied: An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.39" (uid=0 pid=19867 comm="/usr/bin/python /usr/share/ovirt-guest-agent/LockA") interface="org.freedesktop.login1.Manager" member="ListSessions" error name="(unset)" requested_reply="0" destination=":1.1" (uid=0 pid=1144 comm="/usr/lib/systemd/systemd-logind ")
Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: ERROR:root:Error locking session (no active session).
type=USER_AVC msg=audit(1412349099.550:417): pid=1145 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.login1.Manager member=ListSessions dest=:1.1 spid=19867 tpid=1144 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
after restart i don't see it anymore...
# systemctl status -l ovirt-guest-agent -l
ovirt-guest-agent.service - oVirt Guest Agent
Loaded: loaded (/usr/lib/systemd/system/ovirt-guest-agent.service; enabled)
Active: active (running) since Fri 2014-10-03 11:19:21 EDT; 2s ago
Process: 19987 ExecStartPre=/bin/chown ovirtagent:ovirtagent /run/ovirt-guest-agent.pid (code=exited, status=0/SUCCESS)
Process: 19985 ExecStartPre=/bin/touch /run/ovirt-guest-agent.pid (code=exited, status=0/SUCCESS)
Process: 19981 ExecStartPre=/sbin/modprobe virtio_console (code=exited, status=0/SUCCESS)
Main PID: 19990 (python)
CGroup: /system.slice/ovirt-guest-agent.service
└─19990 /usr/bin/python /usr/share/ovirt-guest-agent/ovirt-guest-agent.py
Oct 03 11:19:21 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com systemd[1]: Starting oVirt Guest Agent...
Oct 03 11:19:21 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com systemd[1]: Started oVirt Guest Agent.
nothing special in ovirt-guest-agent.log
Version-Release number of selected component (if applicable):
rhevm-guest-agent-common-1.0.9-9.el7ev.noarch (av12.1)
How reproducible:
??
Steps to Reproduce:
1. just install and start and see status
2.
3.
Actual results:
some selinux/dbus spam
Expected results:
no spam
Additional info:
Comment 2Vinzenz Feenstra [evilissimo]
2014-10-07 09:24:56 UTC
It does not look PPC specific, but we never have encountered it on x86_64, nevertheless this is a problem in SELinux not the guest agent.
Moving this bug to RHEL
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHBA-2015-0458.html
Description of problem: after installation and systemctl start ovirt-guest-agent i see following: # systemctl status -l ovirt-guest-agent -l ovirt-guest-agent.service - oVirt Guest Agent Loaded: loaded (/usr/lib/systemd/system/ovirt-guest-agent.service; enabled) Active: active (running) since Fri 2014-10-03 11:11:39 EDT; 47s ago Process: 19852 ExecStartPre=/bin/chown ovirtagent:ovirtagent /run/ovirt-guest-agent.pid (code=exited, status=0/SUCCESS) Process: 19850 ExecStartPre=/bin/touch /run/ovirt-guest-agent.pid (code=exited, status=0/SUCCESS) Process: 19848 ExecStartPre=/sbin/modprobe virtio_console (code=exited, status=0/SUCCESS) Main PID: 19856 (python) CGroup: /system.slice/ovirt-guest-agent.service └─19856 /usr/bin/python /usr/share/ovirt-guest-agent/ovirt-guest-agent.py Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: File "/usr/share/ovirt-guest-agent/LockActiveSession.py", line 78, in GetSession Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: for session_path in GetSessions(manager): Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: File "/usr/share/ovirt-guest-agent/LockActiveSession.py", line 71, in GetSessions Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: return [x[4] for x in manager.ListSessions()] Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: File "/usr/lib64/python2.7/site-packages/dbus/proxies.py", line 145, in __call__ Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: **keywords) Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: File "/usr/lib64/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: message, timeout) Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: DBusException: org.freedesktop.DBus.Error.AccessDenied: An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.39" (uid=0 pid=19867 comm="/usr/bin/python /usr/share/ovirt-guest-agent/LockA") interface="org.freedesktop.login1.Manager" member="ListSessions" error name="(unset)" requested_reply="0" destination=":1.1" (uid=0 pid=1144 comm="/usr/lib/systemd/systemd-logind ") Oct 03 11:11:39 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com python[19856]: ERROR:root:Error locking session (no active session). type=USER_AVC msg=audit(1412349099.550:417): pid=1145 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.login1.Manager member=ListSessions dest=:1.1 spid=19867 tpid=1144 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' after restart i don't see it anymore... # systemctl status -l ovirt-guest-agent -l ovirt-guest-agent.service - oVirt Guest Agent Loaded: loaded (/usr/lib/systemd/system/ovirt-guest-agent.service; enabled) Active: active (running) since Fri 2014-10-03 11:19:21 EDT; 2s ago Process: 19987 ExecStartPre=/bin/chown ovirtagent:ovirtagent /run/ovirt-guest-agent.pid (code=exited, status=0/SUCCESS) Process: 19985 ExecStartPre=/bin/touch /run/ovirt-guest-agent.pid (code=exited, status=0/SUCCESS) Process: 19981 ExecStartPre=/sbin/modprobe virtio_console (code=exited, status=0/SUCCESS) Main PID: 19990 (python) CGroup: /system.slice/ovirt-guest-agent.service └─19990 /usr/bin/python /usr/share/ovirt-guest-agent/ovirt-guest-agent.py Oct 03 11:19:21 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com systemd[1]: Starting oVirt Guest Agent... Oct 03 11:19:21 jb-rhel7-ppc64.rhev.lab.eng.brq.redhat.com systemd[1]: Started oVirt Guest Agent. nothing special in ovirt-guest-agent.log Version-Release number of selected component (if applicable): rhevm-guest-agent-common-1.0.9-9.el7ev.noarch (av12.1) How reproducible: ?? Steps to Reproduce: 1. just install and start and see status 2. 3. Actual results: some selinux/dbus spam Expected results: no spam Additional info: