Bug 1286994
| Summary: | the start of roundup service triggers SELinux denials | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Milos Malik <mmalik> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 6.7 | CC: | dwalsh, lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | selinux-policy-3.7.19-296.el6 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-03-21 09:44:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Milos Malik
2015-12-01 10:07:48 UTC
Actual results (permissive mode):
----
type=PATH msg=audit(12/01/2015 05:13:23.473:304) : item=0 name=/proc/meminfo inode=4026532034 dev=00:03 mode=file,444 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:proc_t:s0 nametype=NORMAL
type=CWD msg=audit(12/01/2015 05:13:23.473:304) : cwd=/
type=SYSCALL msg=audit(12/01/2015 05:13:23.473:304) : arch=x86_64 syscall=open success=yes exit=3 a0=0x3ed495713e a1=O_RDONLY|O_CLOEXEC a2=0x1b6 a3=0x2 items=1 ppid=8091 pid=8092 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=3 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 05:13:23.473:304) : avc: denied { open } for pid=8092 comm=roundup-server name=meminfo dev=proc ino=4026532034 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(12/01/2015 05:13:23.473:304) : avc: denied { read } for pid=8092 comm=roundup-server name=meminfo dev=proc ino=4026532034 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
----
type=SYSCALL msg=audit(12/01/2015 05:13:23.474:305) : arch=x86_64 syscall=fstat success=yes exit=0 a0=0x3 a1=0x7ffcfa967380 a2=0x7ffcfa967380 a3=0x2 items=0 ppid=8091 pid=8092 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=3 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 05:13:23.474:305) : avc: denied { getattr } for pid=8092 comm=roundup-server path=/proc/meminfo dev=proc ino=4026532034 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
----
type=PATH msg=audit(12/01/2015 05:13:23.684:306) : item=0 name=/etc/httpd/mime.types nametype=UNKNOWN
type=CWD msg=audit(12/01/2015 05:13:23.684:306) : cwd=/
type=SYSCALL msg=audit(12/01/2015 05:13:23.684:306) : arch=x86_64 syscall=stat success=no exit=-2(No such file or directory) a0=0x19487a0 a1=0x7ffcfa967d60 a2=0x7ffcfa967d60 a3=0x20 items=1 ppid=1 pid=8095 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=3 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 05:13:23.684:306) : avc: denied { search } for pid=8095 comm=roundup-server name=httpd dev=vda1 ino=393268 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
----
type=SYSCALL msg=audit(12/01/2015 05:13:23.994:307) : arch=x86_64 syscall=socket success=yes exit=5 a0=netlink a1=SOCK_RAW a2=ip a3=0xffffffff items=0 ppid=1 pid=8095 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=3 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 05:13:23.994:307) : avc: denied { create } for pid=8095 comm=roundup-server scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:system_r:roundup_t:s0 tclass=netlink_route_socket
----
type=SOCKADDR msg=audit(12/01/2015 05:13:23.996:308) : saddr=netlink pid:0
type=SYSCALL msg=audit(12/01/2015 05:13:23.996:308) : arch=x86_64 syscall=bind success=yes exit=0 a0=0x5 a1=0x7ffcfa967c70 a2=0xc a3=0xffffffff items=0 ppid=1 pid=8095 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=3 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 05:13:23.996:308) : avc: denied { bind } for pid=8095 comm=roundup-server scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:system_r:roundup_t:s0 tclass=netlink_route_socket
----
type=SOCKADDR msg=audit(12/01/2015 05:13:23.996:309) : saddr=netlink pid:8095
type=SYSCALL msg=audit(12/01/2015 05:13:23.996:309) : arch=x86_64 syscall=getsockname success=yes exit=0 a0=0x5 a1=0x7ffcfa967c70 a2=0x7ffcfa967c7c a3=0xffffffff items=0 ppid=1 pid=8095 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=3 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 05:13:23.996:309) : avc: denied { getattr } for pid=8095 comm=roundup-server scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:system_r:roundup_t:s0 tclass=netlink_route_socket
----
type=SOCKADDR msg=audit(12/01/2015 05:13:23.996:310) : saddr=netlink pid:0
type=SYSCALL msg=audit(12/01/2015 05:13:23.996:310) : arch=x86_64 syscall=sendto success=yes exit=20 a0=0x5 a1=0x7ffcfa967be0 a2=0x14 a3=0x0 items=0 ppid=1 pid=8095 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=3 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 05:13:23.996:310) : avc: denied { nlmsg_read } for pid=8095 comm=roundup-server scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:system_r:roundup_t:s0 tclass=netlink_route_socket
----

The roundup service also communicates with SSSD, when /etc/nsswitch.conf is configured in a certain way, which triggers other AVCs in enforcing mode:
----
type=PATH msg=audit(12/01/2015 11:23:03.711:814) : item=0 name=/var/lib/sss/mc/passwd inode=25543 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:sssd_var_lib_t:s0 nametype=NORMAL
type=CWD msg=audit(12/01/2015 11:23:03.711:814) : cwd=/
type=SYSCALL msg=audit(12/01/2015 11:23:03.711:814) : arch=x86_64 syscall=open success=no exit=-13(Permission denied) a0=0x289dae0 a1=O_RDONLY|O_CLOEXEC a2=0x7ffc76f920ac a3=0x17 items=1 ppid=1 pid=26655 auid=root uid=root gid=roundup euid=root suid=root fsuid=root egid=roundup sgid=roundup fsgid=roundup tty=(none) ses=4 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 11:23:03.711:814) : avc: denied { search } for pid=26655 comm=roundup-server name=sss dev=vda3 ino=25543 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir
----
type=PATH msg=audit(12/01/2015 11:23:03.711:815) : item=0 name=(null) inode=25543 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:sssd_var_lib_t:s0 nametype=NORMAL
type=SOCKADDR msg=audit(12/01/2015 11:23:03.711:815) : saddr=local /var/lib/sss/pipes/nss
type=SYSCALL msg=audit(12/01/2015 11:23:03.711:815) : arch=x86_64 syscall=connect success=no exit=-13(Permission denied) a0=0x5 a1=0x7ffc76f92070 a2=0x6e a3=0x17 items=1 ppid=1 pid=26655 auid=root uid=root gid=roundup euid=root suid=root fsuid=root egid=roundup sgid=roundup fsgid=roundup tty=(none) ses=4 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 11:23:03.711:815) : avc: denied { search } for pid=26655 comm=roundup-server name=sss dev=vda3 ino=25543 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir
----

roundup-server <---> SSSD in permissive mode:
----
type=PATH msg=audit(12/01/2015 11:31:29.741:872) : item=0 name=/var/lib/sss/mc/passwd inode=460 dev=fc:03 mode=file,644 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:sssd_public_t:s0 nametype=NORMAL
type=CWD msg=audit(12/01/2015 11:31:29.741:872) : cwd=/
type=SYSCALL msg=audit(12/01/2015 11:31:29.741:872) : arch=x86_64 syscall=open success=yes exit=4 a0=0x1b60020 a1=O_RDONLY|O_CLOEXEC a2=0x7ffe65e4434c a3=0x7ffe65e43ff0 items=1 ppid=2837 pid=2838 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=4 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 11:31:29.741:872) : avc: denied { open } for pid=2838 comm=roundup-server name=passwd dev=vda3 ino=460 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:sssd_public_t:s0 tclass=file
type=AVC msg=audit(12/01/2015 11:31:29.741:872) : avc: denied { read } for pid=2838 comm=roundup-server name=passwd dev=vda3 ino=460 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:sssd_public_t:s0 tclass=file
type=AVC msg=audit(12/01/2015 11:31:29.741:872) : avc: denied { search } for pid=2838 comm=roundup-server name=mc dev=vda3 ino=25545 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:sssd_public_t:s0 tclass=dir
type=AVC msg=audit(12/01/2015 11:31:29.741:872) : avc: denied { search } for pid=2838 comm=roundup-server name=sss dev=vda3 ino=25543 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir
----
type=SYSCALL msg=audit(12/01/2015 11:31:29.741:873) : arch=x86_64 syscall=fstat success=yes exit=0 a0=0x4 a1=0x7ffe65e442b0 a2=0x7ffe65e442b0 a3=0x7ffe65e44020 items=0 ppid=2837 pid=2838 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=4 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 11:31:29.741:873) : avc: denied { getattr } for pid=2838 comm=roundup-server path=/var/lib/sss/mc/passwd dev=vda3 ino=460 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:sssd_public_t:s0 tclass=file
----
type=PATH msg=audit(12/01/2015 11:31:29.741:874) : item=0 name=(null) inode=370 dev=fc:03 mode=socket,666 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:sssd_var_lib_t:s0 nametype=NORMAL
type=SOCKADDR msg=audit(12/01/2015 11:31:29.741:874) : saddr=local /var/lib/sss/pipes/nss
type=SYSCALL msg=audit(12/01/2015 11:31:29.741:874) : arch=x86_64 syscall=connect success=yes exit=0 a0=0x5 a1=0x7ffe65e44310 a2=0x6e a3=0x7ffe65e43fa0 items=1 ppid=2837 pid=2838 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=4 comm=roundup-server exe=/usr/bin/python subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(12/01/2015 11:31:29.741:874) : avc: denied { connectto } for pid=2838 comm=roundup-server path=/var/lib/sss/pipes/nss scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(12/01/2015 11:31:29.741:874) : avc: denied { write } for pid=2838 comm=roundup-server name=nss dev=vda3 ino=370 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=sock_file
----

The automated TC triggers the following SELinux denial in enforcing mode:
----
time->Mon Jan 11 21:34:31 2016
type=PATH msg=audit(1452544471.927:1315): item=0 name="/var/lib/roundup/trackers/default/config.ini" inode=657163 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:var_lib_t:s0 nametype=NORMAL
type=CWD msg=audit(1452544471.927:1315): cwd="/"
type=SYSCALL msg=audit(1452544471.927:1315): arch=40000003 syscall=195 success=no exit=-13 a0=98cbb20 a1=bf8351bc a2=36cff4 a3=98cbb20 items=1 ppid=1 pid=2951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1452544471.927:1315): avc: denied { getattr } for pid=2951 comm="roundup-server" path="/var/lib/roundup/trackers/default/config.ini" dev=dm-0 ino=657163 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
----
because file context patterns expect that /var/lib/roundup is a regular file which is not true:

# semanage fcontext -l | grep roundup_var_lib_t
/var/lib/roundup(/.*)? regular file system_u:object_r:roundup_var_lib_t:s0
# matchpathcon /var/lib/roundup/
/var/lib/roundup system_u:object_r:var_lib_t:s0
# find /var/lib/roundup | wc -l
65
#

Milos,
Could we re-test this issue in permissive mode?
Thanks.

RHEL-6.8 enforcing mode:
----
time->Mon Oct 3 10:08:25 2016
type=SYSCALL msg=audit(1475503705.806:214): arch=c000003e syscall=2 success=no exit=-13 a0=7f2f97d3729e a1=80000 a2=1b6 a3=2 items=0 ppid=6110 pid=6111 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=6 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1475503705.806:214): avc: denied { read } for pid=6111 comm="roundup-server" name="meminfo" dev=proc ino=4026532034 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
----
time->Mon Oct 3 10:08:25 2016
type=SYSCALL msg=audit(1475503705.918:215): arch=c000003e syscall=4 success=no exit=-13 a0=11c0120 a1=7ffc38a10250 a2=7ffc38a10250 a3=6f632f746c756166 items=0 ppid=1 pid=6114 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1475503705.918:215): avc: denied { getattr } for pid=6114 comm="roundup-server" path="/var/lib/roundup/trackers/default/config.ini" dev=vda1 ino=535435 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
----

RHEL-6.8 permissive mode:
----
time->Mon Oct 3 10:10:23 2016
type=SYSCALL msg=audit(1475503823.161:227): arch=c000003e syscall=2 success=yes exit=3 a0=7fb1d39dc29e a1=80000 a2=1b6 a3=2 items=0 ppid=11520 pid=11521 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=6 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1475503823.161:227): avc: denied { open } for pid=11521 comm="roundup-server" name="meminfo" dev=proc ino=4026532034 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1475503823.161:227): avc: denied { read } for pid=11521 comm="roundup-server" name="meminfo" dev=proc ino=4026532034 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
----
time->Mon Oct 3 10:10:23 2016
type=SYSCALL msg=audit(1475503823.161:228): arch=c000003e syscall=5 success=yes exit=0 a0=3 a1=7ffcc13a6640 a2=7ffcc13a6640 a3=2 items=0 ppid=11520 pid=11521 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=6 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1475503823.161:228): avc: denied { getattr } for pid=11521 comm="roundup-server" path="/proc/meminfo" dev=proc ino=4026532034 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
----
time->Mon Oct 3 10:10:23 2016
type=SYSCALL msg=audit(1475503823.272:229): arch=c000003e syscall=4 success=yes exit=0 a0=2c17120 a1=7ffcc13a6ac0 a2=7ffcc13a6ac0 a3=6f632f746c756166 items=0 ppid=1 pid=11524 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1475503823.272:229): avc: denied { getattr } for pid=11524 comm="roundup-server" path="/var/lib/roundup/trackers/default/config.ini" dev=vda1 ino=535435 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
----
time->Mon Oct 3 10:10:23 2016
type=SYSCALL msg=audit(1475503823.276:230): arch=c000003e syscall=2 success=yes exit=4 a0=2a56e20 a1=0 a2=1b6 a3=0 items=0 ppid=1 pid=11524 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1475503823.276:230): avc: denied { open } for pid=11524 comm="roundup-server" name="config.ini" dev=vda1 ino=535435 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1475503823.276:230): avc: denied { read } for pid=11524 comm="roundup-server" name="config.ini" dev=vda1 ino=535435 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
----
time->Mon Oct 3 10:10:23 2016
type=SYSCALL msg=audit(1475503823.301:231): arch=c000003e syscall=4 success=no exit=-2 a0=2cfda20 a1=7ffcc13a7020 a2=7ffcc13a7020 a3=20 items=0 ppid=1 pid=11524 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1475503823.301:231): avc: denied { search } for pid=11524 comm="roundup-server" name="httpd" dev=vda1 ino=271872 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
----
time->Mon Oct 3 10:10:23 2016
type=SYSCALL msg=audit(1475503823.505:232): arch=c000003e syscall=41 success=yes exit=5 a0=10 a1=3 a2=0 a3=ffffffff items=0 ppid=1 pid=11524 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1475503823.505:232): avc: denied { create } for pid=11524 comm="roundup-server" scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:system_r:roundup_t:s0 tclass=netlink_route_socket
----
time->Mon Oct 3 10:10:23 2016
type=SYSCALL msg=audit(1475503823.507:233): arch=c000003e syscall=49 success=yes exit=0 a0=5 a1=7ffcc13a6f30 a2=c a3=ffffffff items=0 ppid=1 pid=11524 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1475503823.507:233): avc: denied { bind } for pid=11524 comm="roundup-server" scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:system_r:roundup_t:s0 tclass=netlink_route_socket
----
time->Mon Oct 3 10:10:23 2016
type=SYSCALL msg=audit(1475503823.507:234): arch=c000003e syscall=51 success=yes exit=0 a0=5 a1=7ffcc13a6f30 a2=7ffcc13a6f3c a3=ffffffff items=0 ppid=1 pid=11524 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1475503823.507:234): avc: denied { getattr } for pid=11524 comm="roundup-server" scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:system_r:roundup_t:s0 tclass=netlink_route_socket
----
time->Mon Oct 3 10:10:23 2016
type=SYSCALL msg=audit(1475503823.507:235): arch=c000003e syscall=44 success=yes exit=20 a0=5 a1=7ffcc13a6ea0 a2=14 a3=0 items=0 ppid=1 pid=11524 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="roundup-server" exe="/usr/bin/python" subj=unconfined_u:system_r:roundup_t:s0 key=(null)
type=AVC msg=audit(1475503823.507:235): avc: denied { nlmsg_read } for pid=11524 comm="roundup-server" scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:system_r:roundup_t:s0 tclass=netlink_route_socket
----

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0627.html
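
The denials in this report collapse into a handful of distinct (source type, target type, class) groups. The following is an added example, not part of the original bug report or of selinux-policy: a small Python parser that groups AVC records in the style of audit2allow output and lists the objects involved. The sample records are constructed by shortening records quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: AVC records shortened from the report above. The second
# line holds two records run together, as happens when logs are pasted.
SAMPLE = """\
type=AVC msg=audit(1475503823.161:228): avc: denied { getattr } for pid=11521 comm="roundup-server" path="/proc/meminfo" dev=proc scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1475503823.161:227): avc: denied { open } for pid=11521 name="meminfo" scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file type=AVC msg=audit(1475503823.161:227): avc: denied { read } for pid=11521 name="meminfo" scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1475503823.301:231): avc: denied { search } for pid=11524 name="httpd" dev=vda1 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
type=AVC msg=audit(1475503823.505:232): avc: denied { create } for pid=11524 comm="roundup-server" scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:system_r:roundup_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1475503823.507:235): avc: denied { nlmsg_read } for pid=11524 comm="roundup-server" scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:system_r:roundup_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(12/01/2015 11:31:29.741:874) : avc: denied { connectto } for pid=2838 comm=roundup-server path=/var/lib/sss/pipes/nss scontext=unconfined_u:system_r:roundup_t:s0 tcontext=system_u:system_r:sssd_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1475503823.272:229): avc: denied { getattr } for pid=11524 path="/var/lib/roundup/trackers/default/config.ini" dev=vda1 scontext=unconfined_u:system_r:roundup_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
"""

# One AVC denial: permission set, free-form detail, then the two contexts.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<detail>.*?)"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)
# Object named in the detail part, quoted (newer ausearch) or bare (older).
OBJ_RE = re.compile(r'\b(?:path|name)="?([^"\s]+)"?')


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize(text):
    """Group denials into (rule, objects) pairs, sorted by rule key."""
    groups = defaultdict(lambda: (set(), set()))
    for m in AVC_RE.finditer(text):
        src, tgt = selinux_type(m["scon"]), selinux_type(m["tcon"])
        if src == tgt:
            tgt = "self"  # same convention audit2allow uses
        perms, objects = groups[(src, tgt, m["tclass"])]
        perms.update(m["perms"].split())
        objects.update(OBJ_RE.findall(m["detail"]))
    return [
        (f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};", sorted(o))
        for (s, t, c), (p, o) in sorted(groups.items())
    ]


if __name__ == "__main__":
    for rule, objects in summarize(SAMPLE):
        print(rule, "#", ", ".join(objects) or "-")
```

Listing the objects next to each group separates denials that call for a policy rule from the `var_lib_t:file` group on `config.ini`, which the report attributes to the file context pattern rather than to a missing rule.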
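
The file-context observation in the report (a "regular file" qualifier on `/var/lib/roundup(/.*)?` while `matchpathcon` returns `var_lib_t` for the directory) can be modelled in a few lines. This is an added example, not code from the bug report or from libselinux. Assumptions: the broader `/var/lib(/.*)?` entry stands in for whatever rule produced `var_lib_t`, the longest-pattern tie-break simplifies libselinux's ordering, the unqualified variant is a hypothetical correction (the page does not show the shipped change), and all function names are made up.

```python
import posixpath
import re

# File-type qualifiers as printed by `semanage fcontext -l`.
ALL, REG, DIR = "all files", "regular file", "directory"

# Specs as (regex, qualifier, type). The roundup entry is the one shown in
# the report; the /var/lib entry is an assumed broader fallback.
SHIPPED = [
    ("/var/lib(/.*)?", ALL, "var_lib_t"),
    ("/var/lib/roundup(/.*)?", REG, "roundup_var_lib_t"),
]
# Hypothetical correction: the same pattern without the file-type qualifier.
UNQUALIFIED = [
    ("/var/lib(/.*)?", ALL, "var_lib_t"),
    ("/var/lib/roundup(/.*)?", ALL, "roundup_var_lib_t"),
]


def expected_type(specs, path, kind):
    """Type a file-context lookup yields for `path` of the given kind.

    Simplification: among specs whose qualifier and regex both match, the
    longest pattern wins. The qualifier filter is the part that matters here.
    """
    path = path.rstrip("/") or "/"
    hits = [(len(rx), t) for rx, q, t in specs
            if q in (ALL, kind) and re.fullmatch(rx, path)]
    return max(hits)[1] if hits else None


def type_at_creation(specs, path):
    """Type of a file created at runtime when no type-transition rule applies:
    it inherits the type of its parent directory (assumed to carry the label
    the specs give it)."""
    return expected_type(specs, posixpath.dirname(path), DIR)


CONFIG = "/var/lib/roundup/trackers/default/config.ini"

if __name__ == "__main__":
    for name, specs in (("shipped", SHIPPED), ("unqualified", UNQUALIFIED)):
        print(name,
              "dir:", expected_type(specs, "/var/lib/roundup/", DIR),
              "relabelled file:", expected_type(specs, CONFIG, REG),
              "new file:", type_at_creation(specs, CONFIG))
```

With the qualified spec the directories keep `var_lib_t`, so a `config.ini` created after installation inherits `var_lib_t`, which is the target context in the `getattr` denial above.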