Bug 1398338

Summary: /usr/libexec/rhsmcertd-worker (rhsmcertd_t) sends kill to rhsmcertd_t
Product: Red Hat Enterprise Linux 7 Reporter: Robert Scheck <redhat-bugzilla>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2CC: ktordeur, lvrabec, mgrepl, mmalik, plautrba, pvrabec, robert.scheck, ssekidde
Target Milestone: rc   
Target Release: 7.4   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.13.1-175.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 12:25:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1420851    

Description Robert Scheck 2016-11-24 13:31:39 UTC 
Description of problem:
type=AVC msg=audit(1479945447.761:189119): avc:  denied  { kill } for  pid=18076 comm="rhsmcertd-worke" capability=5  scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:system_r:rhsmcertd_t:s0 tclass=capability
type=SYSCALL msg=audit(1479945447.761:189119): arch=x86_64 syscall=kill success=no exit=EPERM a0=6fc9 a1=0 a2=469c a3=0 items=0 ppid=1561 pid=18076 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rhsmcertd-worke exe=/usr/bin/python2.7 subj=system_u:system_r:rhsmcertd_t:s0 key=(null)

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.13.1-60.el7_2.9.noarch
subscription-manager-1.15.9-15.el7.x86_64

How reproducible:
Not sure, likely an RHSM internal routine.

Actual results:
SELinux Troubleshoot mail

Expected results:
No SELinux Troubleshoot mail

Additional info:
Bug #1379781 feels similar in general, while it is not a duplicate.
Comment 1 Robert Scheck 2017-02-01 11:06:28 UTC 
Still happens with selinux-policy-targeted-3.13.1-102.el7_3.7.noarch and
subscription-manager-1.17.15-1.el7.x86_64:

type=AVC msg=audit(1485888866.444:1569873): avc:  denied  { kill } for  pid=25514 comm="rhsmcertd-worke" capability=5  scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:system_r:rhsmcertd_t:s0 tclass=capability
type=SYSCALL msg=audit(1485888866.444:1569873): arch=x86_64 syscall=kill success=no exit=EPERM a0=5956 a1=0 a2=63aa a3=0 items=0 ppid=565 pid=25514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rhsmcertd-worke exe=/usr/bin/python2.7 subj=system_u:system_r:rhsmcertd_t:s0 key=(null)


Cross-filed case 01783718 on the Red Hat customer portal.
Comment 2 Robert Scheck 2017-02-01 11:10:08 UTC 
Based on the time (Tue, 31 Jan 2017 19:54:38 +0100 (CET)), there is a match
in the /var/log/rhsm/rhsmcertd.log file:

Tue Jan 31 11:54:26 2017 [INFO] (Cert Check) Certificates updated.
Tue Jan 31 15:53:04 2017 [INFO] (Auto-attach) Certificates updated.
Tue Jan 31 15:54:26 2017 [INFO] (Cert Check) Certificates updated.
Tue Jan 31 19:54:26 2017 [INFO] (Cert Check) Certificates updated.
Tue Jan 31 23:54:25 2017 [INFO] (Cert Check) Certificates updated.
Wed Feb  1 03:54:26 2017 [INFO] (Cert Check) Certificates updated.
Wed Feb  1 07:54:28 2017 [INFO] (Cert Check) Certificates updated.
Wed Feb  1 11:54:26 2017 [INFO] (Cert Check) Certificates updated.

Conclusion: RHSM internal routine triggers this (as assumed before).
Comment 9 Robert Scheck 2018-01-10 13:18:38 UTC 
Okay, when will selinux-policy-3.13.1-175.el7 be made available? This issue
exists now for 1+ year...I even had to figure out via Google that I already 
reported the issue when receiving this AVC message for a new host :-(

Cross-filed ticket 02008675 at the Red Hat customer portal.
Comment 12 errata-xmlrpc 2018-04-10 12:25:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0763