Bug 1321781
| Summary: | [SELinux]: user_avc seen in audit logs while nfs-ganesha configuration in RHEL7 | |||
|---|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Shashank Raj <sraj> | |
| Component: | nfs-ganesha | Assignee: | Kaleb KEITHLEY <kkeithle> | |
| Status: | CLOSED ERRATA | QA Contact: | surabhi <sbhaloth> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | rhgs-3.1 | CC: | amukherj, jthottan, kkeithle, mzywusko, ndevos, nlevinki, pprakash, rcyriac, rhinduja, skoduri | |
| Target Milestone: | --- | |||
| Target Release: | RHGS 3.2.0 | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1321785 (view as bug list) | Environment: | ||
| Last Closed: | 2017-03-23 06:21:46 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1321785 | |||
| Bug Blocks: | 1351522 | |||
Selinux version: [root@dhcp46-247 ganesha]# rpm -qa|grep selinux selinux-policy-targeted-3.13.1-60.el7.noarch selinux-policy-3.13.1-60.el7.noarch There are no AVC's seen related to pcs,pacemaker,corosync or ganesha as mentioned in bz description on configuring gnaesha on rhel7.3 based layered install. nfs-ganesha-2.4.1-1.el7rhgs.x86_64 nfs-ganesha-gluster-2.4.1-1.el7rhgs.x86_64 glusterfs-ganesha-3.8.4-5.el7rhgs.x86_64 selinux-policy-3.13.1-102.el7_3.4.noarch selinux-policy-targeted-3.13.1-102.el7_3.4.noarch Will verify once with the ISO installation and will update the BZ. Verified with ISO installation from RHGS3.1.3 upgraded to 3.2 bits and with latest SELinux policy build. Moving the BZ to verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2017-0493.html |
Description of problem: user_avc seen in audit logs while nfs-ganesha configuration. Version-Release number of selected component (if applicable): 3.7.9-1 How reproducible: Always Steps to Reproduce: 1.Install a 4 node cluster. 2.Configure and setup nfs-ganesha on the cluster 3.Observed below user_avc in audit.log, however It doesn't hamper any functionality as of now type=USER_AVC msg=audit(1459157156.191:3548): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=n/a uid=0 gid=0 cmdline="systemctl is-enabled corosync pacemaker pcsd" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? Terminal=?' Actual results: user_avc seen in audit logs while nfs-ganesha configuration. Expected results: Should not be seen Additional info: