Bug 1184791

Summary: avc denials for rpc.gssd
Product: Red Hat Enterprise Linux 7
Reporter: Steeve Goveas <sgoveas>
Component: selinux-policy
Assignee: Simon Sekidde <ssekidde>
Status: CLOSED ERRATA
QA Contact: Karel Srot <ksrot>
Severity: unspecified
Priority: unspecified
Version: 7.1
CC: ksrot, lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.13.1-26.el7
Doc Type: Bug Fix
Last Closed: 2015-11-19 10:25:31 UTC
Type: Bug
Bug Blocks: 1231623    

Description Steeve Goveas 2015-01-22 09:58:58 UTC
I'm seeing these AVC errors when a user accesses an automount share


Info: Searching AVC errors produced since 1421417022.01 (Fri Jan 16 19:33:42 2015)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 01/16/2015 19:33:42 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.c5XElx 2>&1'
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.132:395): arch=c000003e syscall=250 success=yes exit=18 a0=b a1=28e2e231 a2=0 a3=0 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.132:395): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.132:396): arch=c000003e syscall=250 success=yes exit=18 a0=b a1=28e2e231 a2=7f8f87cb9460 a3=12 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.132:396): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.132:397): arch=c000003e syscall=250 success=yes exit=8 a0=b a1=3059e402 a2=0 a3=0 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.132:397): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.132:398): arch=c000003e syscall=250 success=yes exit=8 a0=b a1=3059e402 a2=7f8f87cb9460 a3=8 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.132:398): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.132:399): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=0 a3=0 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.132:399): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.132:400): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=7f8f87cb9520 a3=10 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.132:400): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.132:401): arch=c000003e syscall=250 success=yes exit=18 a0=b a1=28e2e231 a2=0 a3=0 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.132:401): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.132:402): arch=c000003e syscall=250 success=yes exit=18 a0=b a1=28e2e231 a2=7f8f87cb9700 a3=12 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.132:402): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.133:403): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=0 a3=0 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.133:403): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.133:404): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=7f8f87cb9890 a3=10 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.133:404): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.134:405): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=0 a3=0 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.134:405): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.134:406): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=7f8f87ceaf70 a3=10 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.134:406): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.134:407): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=0 a3=0 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.134:407): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.134:408): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=7f8f87ceb770 a3=10 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.134:408): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.134:409): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=0 a3=0 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.134:409): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.134:410): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=7f8f87ceb6e0 a3=10 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.134:410): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.135:411): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=0 a3=0 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.135:411): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:46 2015
type=SYSCALL msg=audit(1421417026.135:412): arch=c000003e syscall=250 success=yes exit=16 a0=b a1=3df4a399 a2=7f8f87ceb2e0 a3=10 items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417026.135:412): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:47 2015
type=SYSCALL msg=audit(1421417027.667:413): arch=c000003e syscall=248 success=no exit=-13 a0=7f8f86dbd584 a1=7f8f87ceb070 a2=7f8f87cee6b0 a3=4fe items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417027.667:413): avc:  denied  { write } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
----
time->Fri Jan 16 19:33:47 2015
type=SYSCALL msg=audit(1421417027.676:414): arch=c000003e syscall=248 success=no exit=-13 a0=7f8f86dbd584 a1=7f8f87ceb030 a2=7f8f87ced1c0 a3=22e items=0 ppid=19775 pid=20085 auid=4294967295 uid=175001103 gid=175001103 euid=175001103 suid=0 fsuid=175001103 egid=175001103 sgid=0 fsgid=175001103 tty=(none) ses=4294967295 comm="rpc.gssd" exe="/usr/sbin/rpc.gssd" subj=system_u:system_r:gssd_t:s0 key=(null)
type=AVC msg=audit(1421417027.676:414): avc:  denied  { write } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result.c5XElx | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
Running 'cat %s | /sbin/ausearch -m USER_AVC >/mnt/testarea/tmp.rhts-db-submit-result.hxCTx1 2>&1'
Info: No AVC messages found.
/bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log
No AVC messages found in dmesg
Running '/usr/sbin/sestatus'
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
Running 'rpm -q selinux-policy || true'
selinux-policy-3.13.1-16.el7.noarch
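
Added example (not part of the original report or its test harness): collapsing ausearch output like the above into distinct denials by joining each AVC record to its SYSCALL record on the audit event ID. The sample is abridged from this report; the syscall-number table assumes x86_64 (arch=c000003e), and the function names are this example's own.

```python
import re
from collections import Counter

# Three events abridged from the records in this report (most SYSCALL fields dropped).
SAMPLE = '''\
type=SYSCALL msg=audit(1421417026.132:395): arch=c000003e syscall=250 success=yes exit=18 a0=b a1=28e2e231 comm="rpc.gssd"
type=AVC msg=audit(1421417026.132:395): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
type=SYSCALL msg=audit(1421417026.132:397): arch=c000003e syscall=250 success=yes exit=8 a0=b a1=3059e402 comm="rpc.gssd"
type=AVC msg=audit(1421417026.132:397): avc:  denied  { read } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
type=SYSCALL msg=audit(1421417027.667:413): arch=c000003e syscall=248 success=no exit=-13 a0=7f8f86dbd584 comm="rpc.gssd"
type=AVC msg=audit(1421417027.667:413): avc:  denied  { write } for  pid=20085 comm="rpc.gssd" scontext=system_u:system_r:gssd_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=key
'''

# x86_64 (arch=c000003e) syscall numbers and the keyctl operation seen in the report.
SYSCALLS = {248: "add_key", 250: "keyctl"}
KEYCTL_OPS = {0xB: "KEYCTL_READ"}

EVENT = re.compile(r"^type=(\w+) msg=audit\(\d+\.\d+:(\d+)\)")
CALL = re.compile(r"\bsyscall=(\d+) success=(\w+) .*?\ba0=([0-9a-f]+)")
AVC = re.compile(r"denied\s+\{([^}]*)\} for .*scontext=(\S+) tcontext=(\S+) tclass=(\S+)")

def se_type(context):
    """Return the type field of a user:role:type:level SELinux context."""
    return context.split(":")[2]

def summarize(text):
    """Join AVC and SYSCALL records by event ID and count each distinct denial."""
    calls, denials = {}, []
    for line in text.splitlines():
        ev = EVENT.match(line)
        if not ev:
            continue  # "----" separators and "time->" lines
        rtype, event_id = ev.groups()
        if rtype == "SYSCALL" and (m := CALL.search(line)):
            num, ok, a0 = int(m[1]), m[2], int(m[3], 16)
            name = SYSCALLS.get(num, f"syscall_{num}")
            if name == "keyctl":
                name += f"({KEYCTL_OPS.get(a0, hex(a0))})"
            calls[event_id] = (name, ok)
        elif rtype == "AVC" and (m := AVC.search(line)):
            for perm in m[1].split():
                denials.append((event_id, se_type(m[2]), se_type(m[3]), m[4], perm))
    # Join after the full pass: raw audit.log may list AVC before SYSCALL.
    return Counter((s, t, c, p) + calls.get(e, ("unknown", "unknown"))
                   for e, s, t, c, p in denials)

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Run over the full ausearch output in the description, this collapses the 20 events into two rows: 18 `read` denials on `key` via keyctl(KEYCTL_READ) with success=yes, and 2 `write` denials via add_key with success=no.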

Comment 5 errata-xmlrpc 2015-11-19 10:25:31 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2300.html