Bug 1211719
| Summary: | selinux audit failures on openvswitch in rdo kilo | ||
|---|---|---|---|
| Product: | [Community] RDO | Reporter: | wes hayutin <whayutin> |
| Component: | openstack-selinux | Assignee: | Ryan Hallisey <rhallise> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ofer Blaut <oblaut> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | trunk | CC: | apevec, chrisw, yeylon |
| Target Milestone: | --- | ||
| Target Release: | Kilo | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-08-26 15:35:25 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This should be resolved: https://cbs.centos.org/koji/buildinfo?buildID=1426 |
Description of problem: type=AVC msg=audit(1428973033.595:7478): avc: denied { dac_override } for pid=17446 comm="revalidator_3" capability=1 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=capability type=AVC msg=audit(1428973033.595:7479): avc: denied { write } for pid=17446 comm="revalidator_3" name="/" dev="vda1" ino=128 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir type=AVC msg=audit(1428973033.595:7480): avc: denied { add_name } for pid=17446 comm="revalidator_3" name="core.17331" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir type=AVC msg=audit(1428973033.595:7481): avc: denied { create } for pid=17446 comm="revalidator_3" name="core.17331" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file type=AVC msg=audit(1428973033.595:7482): avc: denied { read write open } for pid=17446 comm="revalidator_3" path="/core.17331" dev="vda1" ino=421231 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file See job https://prod-rdojenkins.rhcloud.com/view/RDO-Trunk/job/khaleesi-rdo-kilo-delorean-centos-7.0-aio-packstack-neutron-ml2-vxlan-qpidd-tempest-rpm-minimal/19/consoleFull for logs and details