Bug 1300813
Summary: | [RHEL-7.3] avc: denied { open } for pid=12786 comm="rhsmcertd-worke" | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | PaulB <pbunyan> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED NOTABUG | QA Contact: | Milos Malik <mmalik> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.3 | CC: | aquini, bgoncalv, jburke, jstancek, lvrabec, mgrepl, mmalik, pbunyan, plautrba, pvrabec, ssekidde |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | ppc64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-02-12 08:15:30 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
PaulB
2016-01-21 19:23:21 UTC
All, Here is a reproducer targeting same ppc64 hosts: https://beaker.engineering.redhat.com/jobs/1195735 Best, -pbunyan It seems that the /usr/lib/python2.7/site-packages/ecdsa-0.13-py2.7.egg file is mislabeled. Following command should correct it: # restorecon -Rv /usr/lib/python2.7/site-packages Why it got mislabeled? Was the file moved from /tmp or /vat/tmp into the /usr/lib/python2.7/site-packages directory? It seems that AVCs appear before following things happen: Finished processing dependencies for paramiko==1.16.0 restorecon -R -v /usr/lib/python*/ restorecon reset /usr/lib/python2.7/site-packages/ecdsa-0.13-py2.7.egg context system_u:object_r:user_tmp_t:s0->system_u:object_r:lib_t:s0 restorecon reset /usr/lib/python2.7/site-packages/pycrypto-2.6.1-py2.7-linux-ppc64.egg context system_u:object_r:user_tmp_t:s0->system_u:object_r:lib_t:s0 INFO: Adding these info into /etc/hosts because the restorecon command corrects labels on both files. All, Here is another instance seen during automated testing: https://beaker.engineering.redhat.com/jobs/1198503 https://beaker.engineering.redhat.com/recipes/2432890 https://beaker.engineering.redhat.com/recipes/2432890#task37441266 Best, -pbunyan |