Bug 1354347
| Summary: | [Selinux] avc: denied for logrotate | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Storage Console | Reporter: | Timothy Asir <tjeyasin> |
| Component: | build | Assignee: | Timothy Asir <tjeyasin> |
| Status: | CLOSED WONTFIX | QA Contact: | sds-qe-bugs |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 2 | CC: | branto, mbukatov, mkudlej, nthomas, sankarshan, tjeyasin |
| Target Milestone: | --- | ||
| Target Release: | 3 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | rhscon-core-0.0.36-1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-11-19 05:42:20 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1326788 | ||
Hi Timothy, is this still an issue? Could you retest with the latest packages? From what I understand at least some of these denials should already be fixed. Yes its fixed now in the latest version. I could not able to see this denial now. This product is EOL now |
Description of problem: avc: denied for log rotate time->Sun Jul 10 03:36:04 2016 type=USER_AVC msg=audit(1468101964.319:3367): pid=4523 uid=0 auid=0 ses=304 subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 msg='avc: denied { passwd } for scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tclass=passwd exe="/usr/bin/su" sauid=0 hostname=? addr=? terminal=?' ---- time->Sun Jul 10 03:36:04 2016 type=USER_AVC msg=audit(1468101964.600:3371): pid=644 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.login1.Manager member=CreateSession dest=org.freedesktop.login1 spid=4523 tpid=650 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Sun Jul 10 03:36:04 2016 type=USER_AVC msg=audit(1468101964.604:3372): pid=644 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.687 spid=650 tpid=4523 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' ---- time->Sun Jul 10 03:36:02 2016 type=SYSCALL msg=audit(1468101962.201:3363): arch=c000003e syscall=42 success=no exit=-115 a0=11 a1=7fa79488b7c0 a2=1c a3=75 items=0 ppid=1 pid=26638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1468101962.201:3363): avc: denied { name_connect } for pid=26638 comm="httpd" dest=10080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:amanda_port_t:s0 tclass=tcp_socket ---- time->Sun Jul 10 03:36:06 2016 type=SYSCALL msg=audit(1468101966.674:3376): arch=c000003e syscall=4 success=yes exit=0 a0=7fa858880d38 a1=7fa858232d90 a2=7fa858232d90 a3=0 items=0 ppid=4523 pid=4565 auid=0 uid=995 gid=992 euid=995 suid=995 fsuid=995 egid=992 sgid=992 fsgid=992 tty=(none) ses=304 comm="beam" exe="/usr/lib64/erlang/erts-5.10.4/bin/beam" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101966.674:3376): avc: denied { getattr } for pid=4565 comm="beam" path="/var/lib/rabbitmq/.erlang.cookie" dev="dm-0" ino=35829760 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_var_lib_t:s0 tclass=file ---- time->Sun Jul 10 03:36:04 2016 type=SYSCALL msg=audit(1468101964.273:3364): arch=c000003e syscall=41 success=yes exit=3 a0=10 a1=80003 a2=7 a3=0 items=0 ppid=4512 pid=4523 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=304 comm="su" exe="/usr/bin/su" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101964.273:3364): avc: denied { create } for pid=4523 comm="su" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tclass=netlink_selinux_socket ---- time->Sun Jul 10 03:36:04 2016 type=SYSCALL msg=audit(1468101964.274:3365): arch=c000003e syscall=49 success=yes exit=0 a0=3 a1=7ffc71e78ec0 a2=c a3=0 items=0 ppid=4512 pid=4523 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=304 comm="su" exe="/usr/bin/su" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101964.274:3365): avc: denied { bind } for pid=4523 comm="su" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tclass=netlink_selinux_socket ---- time->Sun Jul 10 03:36:04 2016 type=SYSCALL msg=audit(1468101964.318:3366): arch=c000003e syscall=1 success=yes exit=94 a0=4 a1=7f61c3581010 a2=5e a3=0 items=0 ppid=4512 pid=4523 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=304 comm="su" exe="/usr/bin/su" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101964.318:3366): avc: denied { compute_av } for pid=4523 comm="su" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=security ---- time->Sun Jul 10 03:36:04 2016 type=SYSCALL msg=audit(1468101964.906:3374): arch=c000003e syscall=21 success=yes exit=0 a0=7fbf4c0825a0 a1=4 a2=7fbf7413bfa8 a3=0 items=0 ppid=29690 pid=29750 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="bigfin" exe="/var/lib/skyring/providers/bigfin" subj=system_u:system_r:skyring_t:s0 key=(null) type=AVC msg=audit(1468101964.906:3374): avc: denied { read } for pid=29750 comm="bigfin" name="var" dev="dm-0" ino=133 scontext=system_u:system_r:skyring_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir ---- time->Sun Jul 10 03:36:06 2016 type=SYSCALL msg=audit(1468101966.266:3375): arch=c000003e syscall=49 success=no exit=-98 a0=3 a1=7ffc04bff580 a2=10 a3=7ffc04bff020 items=0 ppid=1 pid=4558 auid=0 uid=995 gid=992 euid=995 suid=995 fsuid=995 egid=992 sgid=992 fsgid=992 tty=(none) ses=304 comm="epmd" exe="/usr/lib64/erlang/erts-5.10.4/bin/epmd" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101966.266:3375): avc: denied { name_bind } for pid=4558 comm="epmd" src=4369 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:epmd_port_t:s0 tclass=tcp_socket ---- time->Sun Jul 10 03:36:06 2016 type=SYSCALL msg=audit(1468101966.675:3377): arch=c000003e syscall=21 success=yes exit=0 a0=7fa858880d38 a1=4 a2=0 a3=0 items=0 ppid=4523 pid=4565 auid=0 uid=995 gid=992 euid=995 suid=995 fsuid=995 egid=992 sgid=992 fsgid=992 tty=(none) ses=304 comm="beam" exe="/usr/lib64/erlang/erts-5.10.4/bin/beam" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101966.675:3377): avc: denied { read } for pid=4565 comm="beam" name=".erlang.cookie" dev="dm-0" ino=35829760 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_var_lib_t:s0 tclass=file ---- time->Sun Jul 10 03:36:06 2016 type=SYSCALL msg=audit(1468101966.675:3378): arch=c000003e syscall=2 success=yes exit=5 a0=7fa858880d78 a1=0 a2=1b6 a3=0 items=0 ppid=4523 pid=4566 auid=0 uid=995 gid=992 euid=995 suid=995 fsuid=995 egid=992 sgid=992 fsgid=992 tty=(none) ses=304 comm="beam" exe="/usr/lib64/erlang/erts-5.10.4/bin/beam" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101966.675:3378): avc: denied { open } for pid=4566 comm="beam" path="/var/lib/rabbitmq/.erlang.cookie" dev="dm-0" ino=35829760 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_var_lib_t:s0 tclass=file ---- time->Sun Jul 10 03:36:06 2016 type=SYSCALL msg=audit(1468101966.682:3379): arch=c000003e syscall=50 success=yes exit=0 a0=5 a1=80 a2=7fa85b1c0028 a3=7ffdca528d00 items=0 ppid=4523 pid=4531 auid=0 uid=995 gid=992 euid=995 suid=995 fsuid=995 egid=992 sgid=992 fsgid=992 tty=(none) ses=304 comm="beam" exe="/usr/lib64/erlang/erts-5.10.4/bin/beam" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101966.682:3379): avc: denied { listen } for pid=4531 comm="beam" lport=58901 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tclass=tcp_socket ---- time->Sun Jul 10 03:36:06 2016 type=SYSCALL msg=audit(1468101966.684:3380): arch=c000003e syscall=42 success=no exit=-115 a0=6 a1=7fa858881020 a2=10 a3=7ffdca528d00 items=0 ppid=4523 pid=4531 auid=0 uid=995 gid=992 euid=995 suid=995 fsuid=995 egid=992 sgid=992 fsgid=992 tty=(none) ses=304 comm="beam" exe="/usr/lib64/erlang/erts-5.10.4/bin/beam" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101966.684:3380): avc: denied { name_connect } for pid=4531 comm="beam" dest=4369 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:epmd_port_t:s0 tclass=tcp_socket ---- time->Sun Jul 10 03:36:06 2016 type=SYSCALL msg=audit(1468101966.689:3381): arch=c000003e syscall=43 success=no exit=-11 a0=5 a1=7ffdca528fc0 a2=7ffdca528fb0 a3=7ffdca528d00 items=0 ppid=4523 pid=4531 auid=0 uid=995 gid=992 euid=995 suid=995 fsuid=995 egid=992 sgid=992 fsgid=992 tty=(none) ses=304 comm="beam" exe="/usr/lib64/erlang/erts-5.10.4/bin/beam" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101966.689:3381): avc: denied { accept } for pid=4531 comm="beam" lport=58901 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tclass=tcp_socket ---- time->Sun Jul 10 03:36:06 2016 type=SYSCALL msg=audit(1468101966.715:3382): arch=c000003e syscall=21 success=yes exit=0 a0=7fa858881ae0 a1=4 a2=0 a3=0 items=0 ppid=4523 pid=4563 auid=0 uid=995 gid=992 euid=995 suid=995 fsuid=995 egid=992 sgid=992 fsgid=992 tty=(none) ses=304 comm="beam" exe="/usr/lib64/erlang/erts-5.10.4/bin/beam" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101966.715:3382): avc: denied { read } for pid=4563 comm="beam" name="rabbitmq" dev="dm-0" ino=35564875 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_var_lib_t:s0 tclass=dir ---- time->Sun Jul 10 03:36:06 2016 type=SYSCALL msg=audit(1468101966.715:3383): arch=c000003e syscall=21 success=yes exit=0 a0=7fa858881ae0 a1=2 a2=0 a3=0 items=0 ppid=4523 pid=4563 auid=0 uid=995 gid=992 euid=995 suid=995 fsuid=995 egid=992 sgid=992 fsgid=992 tty=(none) ses=304 comm="beam" exe="/usr/lib64/erlang/erts-5.10.4/bin/beam" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101966.715:3383): avc: denied { write } for pid=4563 comm="beam" name="rabbitmq" dev="dm-0" ino=35564875 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_var_lib_t:s0 tclass=dir ---- time->Sun Jul 10 03:36:06 2016 type=SYSCALL msg=audit(1468101966.803:3384): arch=c000003e syscall=42 success=no exit=-115 a0=8 a1=7fa858882018 a2=10 a3=1 items=0 ppid=4523 pid=4531 auid=0 uid=995 gid=992 euid=995 suid=995 fsuid=995 egid=992 sgid=992 fsgid=992 tty=(none) ses=304 comm="beam" exe="/usr/lib64/erlang/erts-5.10.4/bin/beam" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1468101966.803:3384): avc: denied { name_connect } for pid=4531 comm="beam" dest=25672 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_port_t:s0 tclass=tcp_socket Version-Release number of selected component (if applicable): skyring-0.0.32.tar.gz