Bug 1209794
Summary: | foreman-debug to skip USER_AVC SELinux audit "denials" | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Pavel Moravec <pmoravec> |
Component: | Foreman Debug | Assignee: | Lukas Zapletal <lzap> |
Status: | CLOSED ERRATA | QA Contact: | Corey Welton <cwelton> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.1.0 | CC: | bbuckingham, cwelton, sthirugn |
Target Milestone: | Unspecified | Keywords: | Triaged |
Target Release: | Unused | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
URL: | http://projects.theforeman.org/issues/11560 | ||
Whiteboard: | Verified in Upstream | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-07-27 08:50:29 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Pavel Moravec
2015-04-08 08:41:26 UTC
Created redmine issue http://projects.theforeman.org/issues/11560 from this bug Upstream bug component is Provisioning Upstream bug component is Provisioning Upstream bug component is Foreman Debug Moving to POST since upstream bug http://projects.theforeman.org/issues/11560 has been closed ------------- Lukas Zapletal Applied in changeset commit:ee2d45d090b81b00586fcccfcb524ea3bc272839. *** This bug is verified in upstream. This fix should eventually land in future downstream builds *** Version Tested: # rpm -qa | grep foreman nec-em17.rhts.eng.bos.redhat.com-foreman-client-1.0-1.noarch foreman-1.11.0-0.develop.201510121538gitb6b977a.el7.noarch tfm-rubygem-hammer_cli_foreman_docker-0.0.3-4.el7.noarch nec-em17.rhts.eng.bos.redhat.com-foreman-proxy-client-1.0-1.noarch tfm-rubygem-hammer_cli_foreman-0.4.0-1.201510071112git33fd59b.el7.noarch foreman-debug-1.11.0-0.develop.201510121538gitb6b977a.el7.noarch foreman-release-1.11.0-0.develop.201510121538gitb6b977a.el7.noarch foreman-postgresql-1.11.0-0.develop.201510121538gitb6b977a.el7.noarch foreman-vmware-1.11.0-0.develop.201510121538gitb6b977a.el7.noarch tfm-rubygem-foreman_hooks-0.3.9-1.el7.noarch tfm-rubygem-foreman-tasks-0.7.6-1.fm1_10.el7.noarch tfm-rubygem-hammer_cli_foreman_tasks-0.0.8-1.el7.noarch tfm-rubygem-foreman_bootdisk-6.0.0-2.fm1_10.el7.noarch foreman-release-scl-1-1.el7.x86_64 foreman-libvirt-1.11.0-0.develop.201510121538gitb6b977a.el7.noarch foreman-selinux-1.11.0-0.develop.201510071426git6234447.el7.noarch foreman-ovirt-1.11.0-0.develop.201510121538gitb6b977a.el7.noarch tfm-rubygem-hammer_cli_foreman_bootdisk-0.1.3-3.el7.noarch tfm-rubygem-foreman_gutterball-0.0.1-3.el7.noarch nec-em17.rhts.eng.bos.redhat.com-foreman-proxy-1.0-2.noarch tfm-rubygem-foreman_discovery-4.1.0-1.fm1_10.el7.noarch tfm-rubygem-foreman_docker-1.4.1-2.fm1_10.el7.noarch foreman-proxy-1.11.0-0.develop.201510120849git5f36f2e.el7.noarch foreman-compute-1.11.0-0.develop.201510121538gitb6b977a.el7.noarch foreman-gce-1.11.0-0.develop.201510121538gitb6b977a.el7.noarch steps: 1. e.g. on freshly installed RHEL7.1 and Sat6.1 (most probably reproducible anywhere), run foreman-debug 2. Check it's output and selinux_denials.log it generates # foreman-debug Exporting tasks, this may take a few minutes. HOSTNAME: nec-em17.rhts.eng.bos.redhat.com OS: redhat RELEASE: Red Hat Enterprise Linux Server release 7.1 (Maipo) FOREMAN: 1.11.0-develop RUBY: ruby 2.0.0p598 (2014-11-13) [x86_64-linux] PUPPET: 3.8.3 DENIALS: 0 selinux_denials.log without the USER_AVC logs type=USER_END msg=audit(1445418059.465:10232): pid=9339 uid=0 auid=993 ses=1194 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRED_DISP msg=audit(1445418059.871:10233): pid=9340 uid=0 auid=993 ses=1193 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=USER_END msg=audit(1445418059.872:10234): pid=9340 uid=0 auid=993 ses=1193 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="foreman" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=USER_ACCT msg=audit(1445418061.880:10235): pid=9482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRED_ACQ msg=audit(1445418061.880:10236): pid=9482 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=LOGIN msg=audit(1445418061.880:10237): pid=9482 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 old-ses=4294967295 ses=1196 res=1 type=USER_START msg=audit(1445418061.888:10238): pid=9482 uid=0 auid=0 ses=1196 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRED_REFR msg=audit(1445418061.888:10239): pid=9482 uid=0 auid=0 ses=1196 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRED_DISP msg=audit(1445418061.908:10240): pid=9482 uid=0 auid=0 ses=1196 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=USER_END msg=audit(1445418061.909:10241): pid=9482 uid=0 auid=0 ses=1196 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' Upstream bug assigned to lzap Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1500 |