Bug 1404562

Summary: [SELinux] [Eventing]: gluster-eventsapi shows a traceback while adding a webhook
Product: Red Hat Enterprise Linux 6 Reporter: Sweta Anandpara <sanandpa>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: high Docs Contact: Mirek Jahoda <mjahoda>
Priority: urgent    
Version: 6.9CC: amukherj, avishwan, dwalsh, fkrska, lvrabec, mgrepl, mjahoda, mmalik, plautrba, pprakash, pvrabec, rcyriac, rhinduja, sanandpa, ssekidde, vbellur
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.7.19-307.el6 Doc Type: Bug Fix
Doc Text:
A missing SELinux rule was previously causing errors when adding a webhook using the gluster-eventsapi command. The rule to allow "glusterd_t" domain binds on glusterd UDP port has been added, and adding a webhook using gluster-eventsapi now works properly.
 Story Points: ---
Clone Of: 1379963
: 1409482 (view as bug list) Environment:
Last Closed: 2017-03-21 09:50:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1404152    
Bug Blocks: 1409482    

Comment 1 Milos Malik 2016-12-14 08:29:28 UTC 
SELinux policy developers need to see the AVC which appear on RHEL-6. It won't be the same AVC as on RHEL-7, because unconfined_service_t is not defined in RHEL-6.
Comment 5 Sweta Anandpara 2016-12-15 05:45:01 UTC 
This is the avc generated in rhel6.8 machines:

type=AVC msg=audit(1481780470.788:890289): avc:  denied  { signal } for  pid=22888 comm="python" scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=process
type=SYSCALL msg=audit(1481780470.788:890289): arch=c000003e syscall=62 success=no exit=-13 a0=6a59 a1=c a2=1 a3=7ffc1e6768f8 items=0 ppid=25347 pid=22888 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=42645 comm="python" exe="/usr/bin/python" subj=unconfined_u:system_r:glusterd_t:s0 key=(null)
Comment 11 errata-xmlrpc 2017-03-21 09:50:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0627.html