Bug 1329475
| Summary: | Selinux denials while starting rhsmcertd service | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Shwetha Kallesh <skallesh> | |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | |
| Status: | CLOSED ERRATA | QA Contact: | Stefan Kremen <skremen> | |
| Severity: | high | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 7.3 | CC: | jsefler, lvrabec, mgrepl, mmalik, plautrba, pvrabec, skremen, ssekidde, vrjain | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | selinux-policy-3.13.1-89.el7 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1331457 (view as bug list) | Environment: | ||
| Last Closed: | 2016-11-04 02:26:58 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1331457 | |||
No denials are found when rhsmcertd service is started and also demon successfully updates the certificates with following selinux-policy version
-bash-4.2# rpm -qa | grep selinux-policy
selinux-policy-3.13.1-89.el7.noarch
selinux-policy-targeted-3.13.1-89.el7.noarch
-bash-4.2# subscription-manager remove --all
1 subscription removed at the server.
1 local certificate has been deleted.
-bash-4.2# service auditd restart
Stopping logging: [ OK ]
Redirecting start to /bin/systemctl start auditd.service
-bash-4.2# setenforce 1
-bash-4.2# restorecon -Rv /etc /run /var
restorecon: Warning no default label for /run/lvmetad.pid
restorecon: Warning no default label for /run/lock/subsys
restorecon: Warning no default label for /run/lock/subsys/rhnsd
restorecon: Warning no default label for /run/lock/subsys/network
restorecon: Warning no default label for /run/initramfs
restorecon: Warning no default label for /run/initramfs/rwtab
restorecon: Warning no default label for /run/initramfs/state
restorecon: Warning no default label for /run/initramfs/state/var
restorecon: Warning no default label for /run/initramfs/state/var/lib
restorecon: Warning no default label for /run/initramfs/state/var/lib/dhclient
restorecon: Warning no default label for /run/initramfs/state/etc
restorecon: Warning no default label for /run/initramfs/state/etc/sysconfig
restorecon: Warning no default label for /run/initramfs/state/etc/sysconfig/network-scripts
restorecon: Warning no default label for /run/initramfs/.need_shutdown
restorecon: Warning no default label for /run/initramfs/log
restorecon: Warning no default label for /var/tmp/systemd-private-d20cd7139e8f4b26abd415b824b62c33-rtkit-daemon.service-PXkT60
restorecon: Warning no default label for /var/tmp/systemd-private-d20cd7139e8f4b26abd415b824b62c33-rtkit-daemon.service-PXkT60/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-d20cd7139e8f4b26abd415b824b62c33-cups.service-C0tryI
restorecon: Warning no default label for /var/tmp/systemd-private-d20cd7139e8f4b26abd415b824b62c33-cups.service-C0tryI/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-d20cd7139e8f4b26abd415b824b62c33-colord.service-uiheKg
restorecon: Warning no default label for /var/tmp/systemd-private-d20cd7139e8f4b26abd415b824b62c33-colord.service-uiheKg/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-d20cd7139e8f4b26abd415b824b62c33-systemd-machined.service-dqjlXJ
restorecon: Warning no default label for /var/tmp/systemd-private-d20cd7139e8f4b26abd415b824b62c33-systemd-machined.service-dqjlXJ/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-6873bc2571b74af3a971fc271c7813e7-rtkit-daemon.service-Md2Xgx
restorecon: Warning no default label for /var/tmp/systemd-private-6873bc2571b74af3a971fc271c7813e7-rtkit-daemon.service-Md2Xgx/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-6873bc2571b74af3a971fc271c7813e7-cups.service-mhjPR7
restorecon: Warning no default label for /var/tmp/systemd-private-6873bc2571b74af3a971fc271c7813e7-cups.service-mhjPR7/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-6873bc2571b74af3a971fc271c7813e7-colord.service-htSI21
restorecon: Warning no default label for /var/tmp/systemd-private-6873bc2571b74af3a971fc271c7813e7-colord.service-htSI21/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-6873bc2571b74af3a971fc271c7813e7-systemd-machined.service-IMFPiT
restorecon: Warning no default label for /var/tmp/systemd-private-6873bc2571b74af3a971fc271c7813e7-systemd-machined.service-IMFPiT/tmp
restorecon: Warning no default label for /var/tmp/yum-root-FUiPei
restorecon: Warning no default label for /var/tmp/systemd-private-6873bc2571b74af3a971fc271c7813e7-ntpd.service-9o8VLV
restorecon: Warning no default label for /var/tmp/systemd-private-6873bc2571b74af3a971fc271c7813e7-ntpd.service-9o8VLV/tmp
restorecon: Warning no default label for /var/tmp/sosreport-shwetha-workstation.usersys.redhat.com-20160711184513.tar.xz
restorecon: Warning no default label for /var/tmp/sosreport-shwetha-workstation.usersys.redhat.com-20160711184513.tar.xz.md5
restorecon: Warning no default label for /var/tmp/systemd-private-7acff4ee59f3464db67fd544c366f043-rtkit-daemon.service-KXIiOS
restorecon: Warning no default label for /var/tmp/systemd-private-7acff4ee59f3464db67fd544c366f043-rtkit-daemon.service-KXIiOS/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-7acff4ee59f3464db67fd544c366f043-cups.service-12VTQ9
restorecon: Warning no default label for /var/tmp/systemd-private-7acff4ee59f3464db67fd544c366f043-cups.service-12VTQ9/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-7acff4ee59f3464db67fd544c366f043-colord.service-d3GPkL
restorecon: Warning no default label for /var/tmp/systemd-private-7acff4ee59f3464db67fd544c366f043-colord.service-d3GPkL/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-7acff4ee59f3464db67fd544c366f043-systemd-machined.service-VfOqOE
restorecon: Warning no default label for /var/tmp/systemd-private-7acff4ee59f3464db67fd544c366f043-systemd-machined.service-VfOqOE/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-9dfe68a112934821b9ecfb41c27d2d0d-rtkit-daemon.service-DEkGLH
restorecon: Warning no default label for /var/tmp/systemd-private-9dfe68a112934821b9ecfb41c27d2d0d-rtkit-daemon.service-DEkGLH/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-9dfe68a112934821b9ecfb41c27d2d0d-cups.service-W3fuSR
restorecon: Warning no default label for /var/tmp/systemd-private-9dfe68a112934821b9ecfb41c27d2d0d-cups.service-W3fuSR/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-9dfe68a112934821b9ecfb41c27d2d0d-colord.service-57RpKf
restorecon: Warning no default label for /var/tmp/systemd-private-9dfe68a112934821b9ecfb41c27d2d0d-colord.service-57RpKf/tmp
restorecon: Warning no default label for /var/tmp/systemd-private-9dfe68a112934821b9ecfb41c27d2d0d-systemd-machined.service-3FaDFg
restorecon: Warning no default label for /var/tmp/systemd-private-9dfe68a112934821b9ecfb41c27d2d0d-systemd-machined.service-3FaDFg/tmp
restorecon: Warning no default label for /var/tmp/sosreport-shwetha-workstation.usersys.redhat.com-20160621193926.tar.xz
restorecon: Warning no default label for /var/tmp/sosreport-shwetha-workstation.usersys.redhat.com-20160621193926.tar.xz.md5
restorecon: Warning no default label for /var/tmp/sosreport-shwetha-workstation.usersys.redhat.com-20160622160626.tar.xz
restorecon: Warning no default label for /var/tmp/sosreport-shwetha-workstation.usersys.redhat.com-20160622160626.tar.xz.md5
restorecon: Warning no default label for /var/tmp/sosreport-shwetha-workstation.usersys.redhat.com-20160701194524.tar.xz
restorecon: Warning no default label for /var/tmp/sosreport-shwetha-workstation.usersys.redhat.com-20160701194524.tar.xz.md5
-bash-4.2# START_DATE_TIME=`date "+%m/%d/%Y %T"`
-bash-4.2# service rhsmcertd restart
Redirecting to /bin/systemctl restart rhsmcertd.service
-bash-4.2# sleep 120
-bash-4.2# ausearch -m AVC -m USER_AVC -m SELINUX_ERR -i -ts ${START_DATE_TIME}
<no matches>
-bash-4.2#
-bash-4.2# subscription-manager list --consumed
+-------------------------------------------+
Consumed Subscriptions
+-------------------------------------------+
Subscription Name: Red Hat Enterprise Linux OpenStack Platform, Standard (2-sockets)
Provides: Oracle Java (for RHEL Server)
Red Hat Ceph Storage Calamari
Red Hat Enterprise Linux Server
Red Hat OpenStack Beta
Red Hat Enterprise MRG Messaging
dotNET on RHEL Beta (for RHEL Server)
Red Hat Software Collections (for RHEL Server)
Red Hat Beta
Red Hat Ceph Storage MON
dotNET on RHEL (for RHEL Server)
Red Hat Software Collections Beta (for RHEL Server)
Red Hat OpenStack
Red Hat Enterprise Linux Load Balancer (for RHEL Server)
Red Hat Ceph Storage
Red Hat CloudForms
Red Hat Enterprise Linux High Availability (for RHEL Server)
SKU: MCT2887
Contract:
Account:
Serial: 1429024697739920556
Pool ID: 8a99f98a55f48bdc0155fd5be4242613
Provides Management: No
Active: True
Quantity Used: 1
Service Level: Standard
Service Type: L1-L3
Status Details: Subscription is current
Subscription Type: Stackable
Starts: 07/17/2016
Ends: 07/17/2017
System Type: Physical
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2283.html |
Description of problem: Selinux denials are observed while starting rhsmcertd service , hence certs are not automatically updated Version-Release number of selected component (if applicable): [root@dhcp35-180 ~]# rpm -qa | grep selinux-policy selinux-policy-3.13.1-60.el7_2.3.noarch selinux-policy-targeted-3.13.1-60.el7_2.3.noarch [root@dhcp35-180 ~]# subscription-manager version server type: Red Hat Subscription Management subscription management server: 2.0.10-1 subscription management rules: 5.20 subscription-manager: 1.15.9-15.el7 python-rhsm: 1.15.4-5.el7 [root@dhcp35-180 ~]# How reproducible: Steps to Reproduce: [root@dhcp35-180 ~]# service auditd restart Stopping logging: [ OK ] Redirecting start to /bin/systemctl start auditd.service [root@dhcp35-180 ~]# setenforce 1 [root@dhcp35-180 ~]# restorecon -Rv /etc /run /var restorecon reset /etc/grub.d/00_tuned context system_u:object_r:usr_t:s0->system_u:object_r:etc_t:s0 restorecon reset /run/user/1000/keyring context unconfined_u:object_r:user_tmp_t:s0->unconfined_u:object_r:gkeyringd_tmp_t:s0 restorecon reset /run/user/1000/keyring/ssh context unconfined_u:object_r:user_tmp_t:s0->unconfined_u:object_r:gkeyringd_tmp_t:s0 restorecon reset /run/user/1000/keyring/pkcs11 context unconfined_u:object_r:user_tmp_t:s0->unconfined_u:object_r:gkeyringd_tmp_t:s0 restorecon reset /run/user/1000/keyring/gpg context unconfined_u:object_r:user_tmp_t:s0->unconfined_u:object_r:gkeyringd_tmp_t:s0 restorecon reset /run/user/1000/keyring/control context unconfined_u:object_r:user_tmp_t:s0->unconfined_u:object_r:gkeyringd_tmp_t:s0 restorecon: Warning no default label for /run/lvmetad.pid restorecon: Warning no default label for /run/lock/subsys restorecon: Warning no default label for /run/lock/subsys/rhnsd restorecon: Warning no default label for /run/lock/subsys/network restorecon: Warning no default label for /run/initramfs restorecon: Warning no default label for /run/initramfs/rwtab restorecon: Warning no default label for /run/initramfs/state restorecon: Warning no default label for /run/initramfs/state/var restorecon: Warning no default label for /run/initramfs/state/var/lib restorecon: Warning no default label for /run/initramfs/state/var/lib/dhclient restorecon: Warning no default label for /run/initramfs/state/etc restorecon: Warning no default label for /run/initramfs/state/etc/sysconfig restorecon: Warning no default label for /run/initramfs/state/etc/sysconfig/network-scripts restorecon: Warning no default label for /run/initramfs/.need_shutdown restorecon: Warning no default label for /run/initramfs/log restorecon reset /var/log/Xorg.9.log.old context system_u:object_r:var_log_t:s0->system_u:object_r:xserver_log_t:s0 restorecon reset /var/log/Xorg.9.log context system_u:object_r:var_log_t:s0->system_u:object_r:xserver_log_t:s0 restorecon: Warning no default label for /var/tmp/systemd-private-dd81f27b3c1c4d7ba3e31f118a0fc920-rtkit-daemon.service-QMfsH6 restorecon: Warning no default label for /var/tmp/systemd-private-dd81f27b3c1c4d7ba3e31f118a0fc920-rtkit-daemon.service-QMfsH6/tmp restorecon: Warning no default label for /var/tmp/systemd-private-dd81f27b3c1c4d7ba3e31f118a0fc920-spice-vdagentd.service-pw4hGA restorecon: Warning no default label for /var/tmp/systemd-private-dd81f27b3c1c4d7ba3e31f118a0fc920-spice-vdagentd.service-pw4hGA/tmp restorecon: Warning no default label for /var/tmp/systemd-private-dd81f27b3c1c4d7ba3e31f118a0fc920-cups.service-UJJq5H restorecon: Warning no default label for /var/tmp/systemd-private-dd81f27b3c1c4d7ba3e31f118a0fc920-cups.service-UJJq5H/tmp restorecon: Warning no default label for /var/tmp/systemd-private-dd81f27b3c1c4d7ba3e31f118a0fc920-colord.service-CdxxzH restorecon: Warning no default label for /var/tmp/systemd-private-dd81f27b3c1c4d7ba3e31f118a0fc920-colord.service-CdxxzH/tmp [root@dhcp35-180 ~]# [root@dhcp35-180 ~]# START_DATE_TIME=`date "+%m/%d/%Y %T"` [root@dhcp35-180 ~]# service rhsmcertd restart Redirecting to /bin/systemctl restart rhsmcertd.service [root@dhcp35-180 ~]# sleep 120 [root@dhcp35-180 ~]# ausearch -m AVC -m USER_AVC -m SELINUX_ERR -i -ts ${START_DATE_TIME} ---- type=SYSCALL msg=audit(04/21/2016 19:12:42.277:742) : arch=x86_64 syscall=connect success=no exit=-13(Permission denied) a0=0x5 a1=0x7fff8c911470 a2=0x10 a3=0x79 items=0 ppid=7715 pid=7753 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rhsmcertd-worke exe=/usr/bin/python2.7 subj=system_u:system_r:rhsmcertd_t:s0 key=(null) type=AVC msg=audit(04/21/2016 19:12:42.277:742) : avc: denied { name_connect } for pid=7753 comm=rhsmcertd-worke dest=3129 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:netport_port_t:s0 tclass=tcp_socket ---- type=SYSCALL msg=audit(04/21/2016 19:12:42.286:743) : arch=x86_64 syscall=connect success=no exit=-13(Permission denied) a0=0x5 a1=0x7fff8c911230 a2=0x10 a3=0x79 items=0 ppid=7715 pid=7753 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rhsmcertd-worke exe=/usr/bin/python2.7 subj=system_u:system_r:rhsmcertd_t:s0 key=(null) type=AVC msg=audit(04/21/2016 19:12:42.286:743) : avc: denied { name_connect } for pid=7753 comm=rhsmcertd-worke dest=3129 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:netport_port_t:s0 tclass=tcp_socket ---- type=SYSCALL msg=audit(04/21/2016 19:12:42.539:744) : arch=x86_64 syscall=connect success=no exit=-13(Permission denied) a0=0x5 a1=0x7ffd2ef92590 a2=0x10 a3=0x79 items=0 ppid=7715 pid=7756 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rhsmcertd-worke exe=/usr/bin/python2.7 subj=system_u:system_r:rhsmcertd_t:s0 key=(null) type=AVC msg=audit(04/21/2016 19:12:42.539:744) : avc: denied { name_connect } for pid=7756 comm=rhsmcertd-worke dest=3129 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:netport_port_t:s0 tclass=tcp_socket ---- type=SYSCALL msg=audit(04/21/2016 19:12:42.543:745) : arch=x86_64 syscall=connect success=no exit=-13(Permission denied) a0=0x5 a1=0x7ffd2ef924f0 a2=0x10 a3=0x79 items=0 ppid=7715 pid=7756 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rhsmcertd-worke exe=/usr/bin/python2.7 subj=system_u:system_r:rhsmcertd_t:s0 key=(null) type=AVC msg=audit(04/21/2016 19:12:42.543:745) : avc: denied { name_connect } for pid=7756 comm=rhsmcertd-worke dest=3129 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:netport_port_t:s0 tclass=tcp_socket ---- type=SYSCALL msg=audit(04/21/2016 19:12:42.553:746) : arch=x86_64 syscall=connect success=no exit=-13(Permission denied) a0=0x5 a1=0x7ffd2ef91d90 a2=0x10 a3=0x79 items=0 ppid=7715 pid=7756 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=rhsmcertd-worke exe=/usr/bin/python2.7 subj=system_u:system_r:rhsmcertd_t:s0 key=(null) type=AVC msg=audit(04/21/2016 19:12:42.553:746) : avc: denied { name_connect } for pid=7756 comm=rhsmcertd-worke dest=3129 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:netport_port_t:s0 tclass=tcp_socket [root@dhcp35-180 ~]# [root@dhcp35-180 ~]# ps -efZ | grep unconfined_service_t unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 16672 16563 0 08:47 pts/0 00:00:00 grep --color=auto unconfined_service_t [root@dhcp35-180 ~]# ps -efZ | grep rhsmd unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 16644 16563 0 08:45 pts/0 00:00:00 grep --color=auto rhsmd Actual results: Expected results: Additional info: [root@dhcp35-180 ~]# tail -f /var/log/rhsm/rhsm.log 2016-04-21 19:12:44,213 [DEBUG] rhsmcertd-worker:7756 @hwprobe.py:776 - virt-what stdout: kvm 2016-04-21 19:12:44,213 [DEBUG] rhsmcertd-worker:7756 @hwprobe.py:777 - virt-what stderr: 2016-04-21 19:12:44,219 [INFO] rhsmcertd-worker:7756 @hwprobe.py:854 - collected virt facts: virt.is_guest=True, virt.host_type=kvm, virt.uuid=e30c6f0f-5e35-4513-99c8-03260090e0f1 2016-04-21 19:12:44,219 [DEBUG] rhsmcertd-worker:7756 @factlib.py:105 - Facts have not changed, skipping upload. 2016-04-21 19:12:44,220 [DEBUG] rhsmcertd-worker:7756 @base_action_client.py:85 - running lib: <subscription_manager.packageprofilelib.PackageProfileActionInvoker object at 0x18d85d0> 2016-04-21 19:12:44,220 [INFO] rhsmcertd-worker:7756 @cache.py:382 - Server does not support packages, skipping profile upload. 2016-04-21 19:12:44,220 [DEBUG] rhsmcertd-worker:7756 @base_action_client.py:85 - running lib: <subscription_manager.installedproductslib.InstalledProductsActionInvoker object at 0x18d8f10> 2016-04-21 19:12:44,220 [DEBUG] rhsmcertd-worker:7756 @cache.py:138 - Checking current system info against cache: /var/lib/rhsm/cache/installed_products.json 2016-04-21 19:12:44,221 [DEBUG] rhsmcertd-worker:7756 @cache.py:155 - No changes. 2016-04-21 19:17:01,684 [DEBUG] rhsmcertd-worker:7887 @base_action_client.py:85 - running lib: <subscription_manager.installedproductslib.InstalledProductsActionInvoker object at 0x2505590> 2016-04-21 19:17:01,685 [INFO] rhsmcertd-worker:7887 @connection.py:778 - Connection built: http_proxy=auto-services.usersys.redhat.com:3129 host=10.70.35.236 port=8443 handler=/candlepin auth=identity_cert ca_dir=/etc/rhsm/ca/ verify=False 2016-04-21 19:17:01,686 [DEBUG] rhsmcertd-worker:7887 @identity.py:131 - Loading consumer info from identity certificates. 2016-04-21 19:17:01,686 [DEBUG] rhsmcertd-worker:7887 @cache.py:138 - Checking current system info against cache: /var/lib/rhsm/cache/installed_products.json 2016-04-21 19:17:01,687 [DEBUG] rhsmcertd-worker:7887 @cache.py:155 - No changes. 2016-04-21 19:17:01,687 [DEBUG] rhsmcertd-worker:7887 @base_action_client.py:85 - running lib: <subscription_manager.healinglib.HealingActionInvoker object at 0x2505dd0> 2016-04-21 19:17:01,687 [DEBUG] rhsmcertd-worker:7887 @plugins.py:569 - loaded plugin modules: [] 2016-04-21 19:17:01,687 [DEBUG] rhsmcertd-worker:7887 @plugins.py:570 - loaded plugins: {} 2016-04-21 19:17:01,688 [DEBUG] rhsmcertd-worker:7887 @connection.py:475 - Loaded CA certificates from /etc/rhsm/ca/: redhat-uep.pem, candlepin-ca.pem 2016-04-21 19:17:01,688 [DEBUG] rhsmcertd-worker:7887 @connection.py:508 - Using proxy: auto-services.usersys.redhat.com:3129 2016-04-21 19:17:01,689 [DEBUG] rhsmcertd-worker:7887 @connection.py:523 - Making request: GET https://10.70.35.236:8443/candlepin/consumers/8a41c9da-4c79-436b-96a4-d5e1ae884eb9 2016-04-21 19:17:02,060 [WARNING] rhsmcertd-worker:7887 @base_action_client.py:72 - Exception caught while running <subscription_manager.healinglib.HealingActionInvoker object at 0x2505dd0> update 2016-04-21 19:17:02,060 [ERROR] rhsmcertd-worker:7887 @base_action_client.py:73 - [Errno 13] Permission denied Traceback (most recent call last): File "/usr/share/rhsm/subscription_manager/base_action_client.py", line 63, in _run_update update_report = lib.update() File "/usr/share/rhsm/subscription_manager/certlib.py", line 31, in update self.report = self.locker.run(self._do_update) File "/usr/share/rhsm/subscription_manager/certlib.py", line 17, in run return action() File "/usr/share/rhsm/subscription_manager/healinglib.py", line 41, in _do_update return action.perform() File "/usr/share/rhsm/subscription_manager/healinglib.py", line 75, in perform consumer = self.uep.getConsumer(uuid) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 1001, in getConsumer return self.conn.request_get(method) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 644, in request_get return self._request("GET", method) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 537, in _request conn.request(request_type, handler, body=body, headers=headers) File "/usr/lib64/python2.7/httplib.py", line 979, in request self._send_request(method, url, body, headers) File "/usr/lib64/python2.7/httplib.py", line 1013, in _send_request self.endheaders(body) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 241, in endheaders httpslib.HTTPSConnection.endheaders(self) File "/usr/lib64/python2.7/httplib.py", line 975, in endheaders self._send_output(message_body) File "/usr/lib64/python2.7/httplib.py", line 835, in _send_output self.send(msg) File "/usr/lib64/python2.7/httplib.py", line 797, in send self.connect() File "/usr/lib64/python2.7/site-packages/M2Crypto/httpslib.py", line 195, in connect HTTPConnection.connect(self) File "/usr/lib64/python2.7/httplib.py", line 778, in connect self.timeout, self.source_address) File "/usr/lib64/python2.7/socket.py", line 571, in create_connection raise err error: [Errno 13] Permission denied 2016-04-21 19:17:02,062 [DEBUG] rhsmcertd-worker:7887 @base_action_client.py:85 - running lib: <subscription_manager.entcertlib.EntCertActionInvoker object at 0x24c63d0> 2016-04-21 19:17:02,062 [DEBUG] rhsmcertd-worker:7887 @connection.py:475 - Loaded CA certificates from /etc/rhsm/ca/: redhat-uep.pem, candlepin-ca.pem 2016-04-21 19:17:02,063 [DEBUG] rhsmcertd-worker:7887 @connection.py:508 - Using proxy: auto-services.usersys.redhat.com:3129 2016-04-21 19:17:02,063 [DEBUG] rhsmcertd-worker:7887 @connection.py:523 - Making request: GET https://10.70.35.236:8443/candlepin/consumers/8a41c9da-4c79-436b-96a4-d5e1ae884eb9/certificates/serials 2016-04-21 19:17:02,067 [ERROR] rhsmcertd-worker:7887 @entcertlib.py:121 - [Errno 13] Permission denied Traceback (most recent call last): File "/usr/share/rhsm/subscription_manager/entcertlib.py", line 119, in perform expected = self._get_expected_serials() File "/usr/share/rhsm/subscription_manager/entcertlib.py", line 254, in _get_expected_serials exp = self.get_certificate_serials_list() File "/usr/share/rhsm/subscription_manager/entcertlib.py", line 234, in get_certificate_serials_list reply = self.uep.getCertificateSerials(identity.uuid) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 1097, in getCertificateSerials return self.conn.request_get(method) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 644, in request_get return self._request("GET", method) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 537, in _request conn.request(request_type, handler, body=body, headers=headers) File "/usr/lib64/python2.7/httplib.py", line 979, in request self._send_request(method, url, body, headers) File "/usr/lib64/python2.7/httplib.py", line 1013, in _send_request self.endheaders(body) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 241, in endheaders httpslib.HTTPSConnection.endheaders(self) File "/usr/lib64/python2.7/httplib.py", line 975, in endheaders self._send_output(message_body) File "/usr/lib64/python2.7/httplib.py", line 835, in _send_output self.send(msg) File "/usr/lib64/python2.7/httplib.py", line 797, in send self.connect() File "/usr/lib64/python2.7/site-packages/M2Crypto/httpslib.py", line 195, in connect HTTPConnection.connect(self) File "/usr/lib64/python2.7/httplib.py", line 778, in connect self.timeout, self.source_address) File "/usr/lib64/python2.7/socket.py", line 571, in create_connection raise err error: [Errno 13] Permission denied 2016-04-21 19:17:02,067 [ERROR] rhsmcertd-worker:7887 @entcertlib.py:122 - Cannot modify subscriptions while disconnected 2016-04-21 19:17:02,068 [WARNING] rhsmcertd-worker:7887 @base_action_client.py:72 - Exception caught while running <subscription_manager.entcertlib.EntCertActionInvoker object at 0x24c63d0> update 2016-04-21 19:17:02,068 [ERROR] rhsmcertd-worker:7887 @base_action_client.py:73 - Traceback (most recent call last): File "/usr/share/rhsm/subscription_manager/base_action_client.py", line 63, in _run_update update_report = lib.update() File "/usr/share/rhsm/subscription_manager/certlib.py", line 31, in update self.report = self.locker.run(self._do_update) File "/usr/share/rhsm/subscription_manager/certlib.py", line 17, in run return action() File "/usr/share/rhsm/subscription_manager/entcertlib.py", line 43, in _do_update return action.perform() File "/usr/share/rhsm/subscription_manager/entcertlib.py", line 123, in perform raise Disconnected() Disconnected 2016-04-21 19:17:02,315 [DEBUG] rhsmcertd-worker:7890 @base_action_client.py:85 - running lib: <subscription_manager.entcertlib.EntCertActionInvoker object at 0x10c43d0> 2016-04-21 19:17:02,315 [INFO] rhsmcertd-worker:7890 @connection.py:778 - Connection built: http_proxy=auto-services.usersys.redhat.com:3129 host=10.70.35.236 port=8443 handler=/candlepin auth=identity_cert ca_dir=/etc/rhsm/ca/ verify=False 2016-04-21 19:17:02,315 [DEBUG] rhsmcertd-worker:7890 @identity.py:131 - Loading consumer info from identity certificates. 2016-04-21 19:17:02,316 [DEBUG] rhsmcertd-worker:7890 @connection.py:475 - Loaded CA certificates from /etc/rhsm/ca/: redhat-uep.pem, candlepin-ca.pem 2016-04-21 19:17:02,317 [DEBUG] rhsmcertd-worker:7890 @connection.py:508 - Using proxy: auto-services.usersys.redhat.com:3129 2016-04-21 19:17:02,317 [DEBUG] rhsmcertd-worker:7890 @connection.py:523 - Making request: GET https://10.70.35.236:8443/candlepin/consumers/8a41c9da-4c79-436b-96a4-d5e1ae884eb9/certificates/serials 2016-04-21 19:17:02,320 [ERROR] rhsmcertd-worker:7890 @entcertlib.py:121 - [Errno 13] Permission denied Traceback (most recent call last): File "/usr/share/rhsm/subscription_manager/entcertlib.py", line 119, in perform expected = self._get_expected_serials() File "/usr/share/rhsm/subscription_manager/entcertlib.py", line 254, in _get_expected_serials exp = self.get_certificate_serials_list() File "/usr/share/rhsm/subscription_manager/entcertlib.py", line 234, in get_certificate_serials_list reply = self.uep.getCertificateSerials(identity.uuid) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 1097, in getCertificateSerials return self.conn.request_get(method) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 644, in request_get return self._request("GET", method) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 537, in _request conn.request(request_type, handler, body=body, headers=headers) File "/usr/lib64/python2.7/httplib.py", line 979, in request self._send_request(method, url, body, headers) File "/usr/lib64/python2.7/httplib.py", line 1013, in _send_request self.endheaders(body) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 241, in endheaders httpslib.HTTPSConnection.endheaders(self) File "/usr/lib64/python2.7/httplib.py", line 975, in endheaders self._send_output(message_body) File "/usr/lib64/python2.7/httplib.py", line 835, in _send_output self.send(msg) File "/usr/lib64/python2.7/httplib.py", line 797, in send self.connect() File "/usr/lib64/python2.7/site-packages/M2Crypto/httpslib.py", line 195, in connect HTTPConnection.connect(self) File "/usr/lib64/python2.7/httplib.py", line 778, in connect self.timeout, self.source_address) File "/usr/lib64/python2.7/socket.py", line 571, in create_connection raise err error: [Errno 13] Permission denied 2016-04-21 19:17:02,321 [ERROR] rhsmcertd-worker:7890 @entcertlib.py:122 - Cannot modify subscriptions while disconnected 2016-04-21 19:17:02,322 [WARNING] rhsmcertd-worker:7890 @base_action_client.py:72 - Exception caught while running <subscription_manager.entcertlib.EntCertActionInvoker object at 0x10c43d0> update 2016-04-21 19:17:02,322 [ERROR] rhsmcertd-worker:7890 @base_action_client.py:73 - Traceback (most recent call last): File "/usr/share/rhsm/subscription_manager/base_action_client.py", line 63, in _run_update update_report = lib.update() File "/usr/share/rhsm/subscription_manager/certlib.py", line 31, in update self.report = self.locker.run(self._do_update) File "/usr/share/rhsm/subscription_manager/certlib.py", line 17, in run return action() File "/usr/share/rhsm/subscription_manager/entcertlib.py", line 43, in _do_update return action.perform() File "/usr/share/rhsm/subscription_manager/entcertlib.py", line 123, in perform raise Disconnected() Disconnected 2016-04-21 19:17:02,322 [DEBUG] rhsmcertd-worker:7890 @base_action_client.py:85 - running lib: <subscription_manager.identitycertlib.IdentityCertActionInvoker object at 0x1105fd0> 2016-04-21 19:17:02,323 [DEBUG] rhsmcertd-worker:7890 @connection.py:475 - Loaded CA certificates from /etc/rhsm/ca/: redhat-uep.pem, candlepin-ca.pem 2016-04-21 19:17:02,323 [DEBUG] rhsmcertd-worker:7890 @connection.py:508 - Using proxy: auto-services.usersys.redhat.com:3129 2016-04-21 19:17:02,323 [DEBUG] rhsmcertd-worker:7890 @connection.py:523 - Making request: GET https://10.70.35.236:8443/candlepin/consumers/8a41c9da-4c79-436b-96a4-d5e1ae884eb9 2016-04-21 19:17:02,326 [WARNING] rhsmcertd-worker:7890 @base_action_client.py:72 - Exception caught while running <subscription_manager.identitycertlib.IdentityCertActionInvoker object at 0x1105fd0> update 2016-04-21 19:17:02,326 [ERROR] rhsmcertd-worker:7890 @base_action_client.py:73 - [Errno 13] Permission denied Traceback (most recent call last): File "/usr/share/rhsm/subscription_manager/base_action_client.py", line 63, in _run_update update_report = lib.update() File "/usr/share/rhsm/subscription_manager/certlib.py", line 31, in update self.report = self.locker.run(self._do_update) File "/usr/share/rhsm/subscription_manager/certlib.py", line 17, in run return action() File "/usr/share/rhsm/subscription_manager/identitycertlib.py", line 35, in _do_update return action.perform() File "/usr/share/rhsm/subscription_manager/identitycertlib.py", line 61, in perform return self._update_cert(identity) File "/usr/share/rhsm/subscription_manager/identitycertlib.py", line 71, in _update_cert consumer = self._get_consumer(identity) File "/usr/share/rhsm/subscription_manager/identitycertlib.py", line 89, in _get_consumer consumer = self.uep.getConsumer(identity.uuid) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 1001, in getConsumer return self.conn.request_get(method) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 644, in request_get return self._request("GET", method) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 537, in _request conn.request(request_type, handler, body=body, headers=headers) File "/usr/lib64/python2.7/httplib.py", line 979, in request self._send_request(method, url, body, headers) File "/usr/lib64/python2.7/httplib.py", line 1013, in _send_request self.endheaders(body) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 241, in endheaders httpslib.HTTPSConnection.endheaders(self) File "/usr/lib64/python2.7/httplib.py", line 975, in endheaders self._send_output(message_body) File "/usr/lib64/python2.7/httplib.py", line 835, in _send_output self.send(msg) File "/usr/lib64/python2.7/httplib.py", line 797, in send self.connect() File "/usr/lib64/python2.7/site-packages/M2Crypto/httpslib.py", line 195, in connect HTTPConnection.connect(self) File "/usr/lib64/python2.7/httplib.py", line 778, in connect self.timeout, self.source_address) File "/usr/lib64/python2.7/socket.py", line 571, in create_connection raise err error: [Errno 13] Permission denied 2016-04-21 19:17:02,327 [DEBUG] rhsmcertd-worker:7890 @base_action_client.py:85 - running lib: <subscription_manager.content_action_client.ContentActionClient object at 0x1105590> 2016-04-21 19:17:02,327 [DEBUG] rhsmcertd-worker:7890 @base_action_client.py:85 - running lib: <subscription_manager.repolib.RepoActionInvoker object at 0x110f190> 2016-04-21 19:17:02,329 [DEBUG] rhsmcertd-worker:7890 @connection.py:475 - Loaded CA certificates from /etc/rhsm/ca/: redhat-uep.pem, candlepin-ca.pem 2016-04-21 19:17:02,329 [DEBUG] rhsmcertd-worker:7890 @connection.py:508 - Using proxy: auto-services.usersys.redhat.com:3129 2016-04-21 19:17:02,329 [DEBUG] rhsmcertd-worker:7890 @connection.py:523 - Making request: GET https://10.70.35.236:8443/candlepin/ 2016-04-21 19:17:02,332 [WARNING] rhsmcertd-worker:7890 @base_action_client.py:72 - Exception caught while running <subscription_manager.repolib.RepoActionInvoker object at 0x110f190> update 2016-04-21 19:17:02,332 [ERROR] rhsmcertd-worker:7890 @base_action_client.py:73 - [Errno 13] Permission denied Traceback (most recent call last): File "/usr/share/rhsm/subscription_manager/base_action_client.py", line 63, in _run_update update_report = lib.update() File "/usr/share/rhsm/subscription_manager/certlib.py", line 31, in update self.report = self.locker.run(self._do_update) File "/usr/share/rhsm/subscription_manager/certlib.py", line 17, in run return action() File "/usr/share/rhsm/subscription_manager/repolib.py", line 73, in _do_update action = RepoUpdateActionCommand(cache_only=self.cache_only) File "/usr/share/rhsm/subscription_manager/repolib.py", line 216, in __init__ self.override_supported = bool(self.identity.is_valid() and self.uep and self.uep.supports_resource('content_overrides')) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 804, in supports_resource self._load_supported_resources() File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 791, in _load_supported_resources resources_list = self.conn.request_get("/") File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 644, in request_get return self._request("GET", method) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 537, in _request conn.request(request_type, handler, body=body, headers=headers) File "/usr/lib64/python2.7/httplib.py", line 979, in request self._send_request(method, url, body, headers) File "/usr/lib64/python2.7/httplib.py", line 1013, in _send_request self.endheaders(body) File "/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 241, in endheaders httpslib.HTTPSConnection.endheaders(self) File "/usr/lib64/python2.7/httplib.py", line 975, in endheaders self._send_output(message_body) File "/usr/lib64/python2.7/httplib.py", line 835, in _send_output self.send(msg) File "/usr/lib64/python2.7/httplib.py", line 797, in send self.connect() File "/usr/lib64/python2.7/site-packages/M2Crypto/httpslib.py", line 195, in connect HTTPConnection.connect(self) File "/usr/lib64/python2.7/httplib.py", line 778, in connect self.timeout, self.source_address) File "/usr/lib64/python2.7/socket.py", line 571, in create_connection raise err error: [Errno 13] Permission denied 2016-04-21 19:17:02,333 [DEBUG] rhsmcertd-worker:7890 @plugins.py:569 - loaded plugin modules: [] 2016-04-21 19:17:02,333 [DEBUG] rhsmcertd-worker:7890 @plugins.py:570 - loaded plugins: {} 2016-04-21 19:17:02,333 [DEBUG] rhsmcertd-worker:7890 @base_action_client.py:85 - running lib: <subscription_manager.factlib.FactsActionInvoker object at 0x1105cd0> 2016-04-21 19:17:02,368 [DEBUG] rhsmcertd-worker:7890 @hwprobe.py:554 - cpu info: {'cpu.cpu(s)': 1, 'cpu.core(s)_per_socket': 1, 'cpu.thread(s)_per_core': 1, 'cpu.topology_source': 'kernel /sys cpu sibling lists', 'cpu.cpu_socket(s)': 1} 2016-04-21 19:17:02,426 [DEBUG] rhsmcertd-worker:7890 @hwprobe.py:772 - Running 'virt-what' 2016-04-21 19:17:02,642 [DEBUG] rhsmcertd-worker:7890 @hwprobe.py:776 - virt-what stdout: kvm 2016-04-21 19:17:02,642 [DEBUG] rhsmcertd-worker:7890 @hwprobe.py:777 - virt-what stderr: 2016-04-21 19:17:02,648 [INFO] rhsmcertd-worker:7890 @hwprobe.py:854 - collected virt facts: virt.is_guest=True, virt.host_type=kvm, virt.uuid=e30c6f0f-5e35-4513-99c8-03260090e0f1 2016-04-21 19:17:02,648 [DEBUG] rhsmcertd-worker:7890 @factlib.py:105 - Facts have not changed, skipping upload. 2016-04-21 19:17:02,648 [DEBUG] rhsmcertd-worker:7890 @base_action_client.py:85 - running lib: <subscription_manager.packageprofilelib.PackageProfileActionInvoker object at 0x11055d0> 2016-04-21 19:17:02,649 [INFO] rhsmcertd-worker:7890 @cache.py:382 - Server does not support packages, skipping profile upload. 2016-04-21 19:17:02,649 [DEBUG] rhsmcertd-worker:7890 @base_action_client.py:85 - running lib: <subscription_manager.installedproductslib.InstalledProductsActionInvoker object at 0x1105f10> 2016-04-21 19:17:02,649 [DEBUG] rhsmcertd-worker:7890 @cache.py:138 - Checking current system info against cache: /var/lib/rhsm/cache/installed_products.json 2016-04-21 19:17:02,650 [DEBUG] rhsmcertd-worker:7890 @cache.py:155 - No changes.