Bug 1467601

Summary: SELINUX_ERR during creating oracle instance in Docker
Product: Red Hat Enterprise Linux 7
Reporter: Pavel Studeník <pstudeni>
Component: container-selinux
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE
QA Contact: atomic-bugs <atomic-bugs>
Severity: unspecified
Priority: unspecified
Version: 7.4
CC: dwalsh, jpazdziora, lvrabec, mgrepl, mmalik, mpitt, plautrba, pvrabec, ssekidde
Target Milestone: rc
Keywords: Extras
Hardware: Unspecified
OS: Unspecified
Last Closed: 2019-01-10 18:30:06 UTC
Type: Bug

Description Pavel Studeník 2017-07-04 10:24:14 UTC
Description of problem:
I am not sure whether it is a problem of RHEL or a problem of Oracle, but when I try to create an Oracle instance in Docker I receive the following AVC message in audit.log:

type=PROCTITLE msg=audit(1499101476.902:129): proctitle=2F746D702F4F7261496E7374616C6C323031372D30372D30335F30352D30342D3135504D2F6A646B2F6A72652F62696E2F6A617661002D446F7261636C652E696E7374616C6C65722E6C6962726172795F6C6F633D2F746D702F4F7261496E7374616C6C323031372D30372D30335F30352D30342D3135504D2F6F75692F6C69
type=SYSCALL msg=audit(1499101476.902:129): arch=c000003e syscall=2 per=400000 success=yes exit=6 a0=7f1ebcdb72e0 a1=80000 a2=10000 a3=8 items=0 ppid=4255 pid=4436 auid=4294967295 uid=54321 gid=54321 euid=54321 suid=54321 fsuid=54321 egid=54321 sgid=54321 fsgid=54321 tty=(none) ses=4294967295 comm="java" exe="/tmp/OraInstall2017-07-03_05-04-15PM/jdk/jre/bin/java" subj=system_u:system_r:svirt_lxc_net_t:s0:c666,c919 key=(null)
type=SELINUX_ERR msg=audit(1499101476.902:129): op=security_compute_av reason=bounds scontext=system_u:system_r:svirt_lxc_net_t:s0:c666,c919 tcontext=system_u:object_r:cpu_online_t:s0 tclass=file perms=entrypoint
Fail: AVC messages found.

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-165.el7.noarch
redhat-release-server-7.4-18.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. Install Oracle in Docker following the instructions from https://github.com/oracle/docker-images/tree/master/OracleDatabase

Actual results:
same similar AVC messages in audit log

Expected results:
No AVC message
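
Added example (not part of the original report and not Red Hat tooling): a small Python parser that groups the records of one audit event by their shared audit(timestamp:serial) id, decodes the hex-encoded proctitle, and summarises SELINUX_ERR records with reason=bounds. The PROCTITLE value in the sample is a shortened, constructed string, the SYSCALL line is abridged, and the function names are hypothetical.

```python
import re

# Constructed sample: the SYSCALL (abridged) and SELINUX_ERR fields mirror the
# report; the PROCTITLE hex is a short constructed value ("java", "-version").
SAMPLE = """\
type=PROCTITLE msg=audit(1499101476.902:129): proctitle=6A617661002D76657273696F6E
type=SYSCALL msg=audit(1499101476.902:129): arch=c000003e syscall=2 success=yes exit=6 pid=4436 uid=54321 comm="java" subj=system_u:system_r:svirt_lxc_net_t:s0:c666,c919 key=(null)
type=SELINUX_ERR msg=audit(1499101476.902:129): op=security_compute_av reason=bounds scontext=system_u:system_r:svirt_lxc_net_t:s0:c666,c919 tcontext=system_u:object_r:cpu_online_t:s0 tclass=file perms=entrypoint
Fail: AVC messages found.
"""

RECORD = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode_proctitle(value):
    """Return argv from a proctitle value: quoted text, or hex with NUL separators."""
    if value.startswith('"'):
        return [value.strip('"')]
    return [a.decode("utf-8", "replace") for a in bytes.fromhex(value).split(b"\x00") if a]

def parse_events(text):
    """Group records that share one audit(timestamp:serial) id into one event."""
    events = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:  # non-audit lines (the test harness verdict) are skipped
            rtype, ts, serial, body = m.groups()
            fields = dict(FIELD.findall(body))
            if rtype == "PROCTITLE" and "proctitle" in fields:
                fields["argv"] = decode_proctitle(fields["proctitle"])
            events.setdefault((ts, serial), {})[rtype] = fields
    return events

def bounds_errors(events):
    """Pair each SELINUX_ERR reason=bounds record with the syscall that hit it."""
    rows = []
    for (_ts, serial), recs in sorted(events.items()):
        err, sc = recs.get("SELINUX_ERR", {}), recs.get("SYSCALL", {})
        if err.get("reason") == "bounds":
            rows.append({
                "serial": serial, "comm": sc.get("comm", "").strip('"'),
                "success": sc.get("success"), "argv": recs.get("PROCTITLE", {}).get("argv"),
                "source_type": err["scontext"].split(":")[2],
                "target_type": err["tcontext"].split(":")[2],
                "tclass": err.get("tclass"), "perms": err.get("perms"),
            })
    return rows

if __name__ == "__main__":
    print(bounds_errors(parse_events(SAMPLE)))
```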

Comment 3 Lukas Vrabec 2017-07-04 11:30:41 UTC
Moving to proper component.

Comment 4 Daniel Walsh 2017-10-09 12:31:35 UTC
Did the oracle instance actually start?

Comment 5 Pavel Studeník 2017-10-09 12:34:31 UTC
Yes. The instance starts and it looks like it works.

Comment 6 Daniel Walsh 2017-10-09 13:53:25 UTC
rpm -q container-selinux

Comment 7 Daniel Walsh 2017-10-11 16:44:56 UTC
This is actually not a bug, but a problem in the selinux tool chain which should be updated in RHEL7.5.

I believe an update to container-selinux might stop this message from being printed.

Comment 9 Pavel Studeník 2017-10-17 08:58:50 UTC
# rpm -q container-selinux
container-selinux-2.28-1.git85ce147.el7.noarch

Comment 10 Martin Pitt 2018-02-06 21:44:29 UTC
Duplicate of bug 1461893?

Comment 11 Daniel Walsh 2019-01-10 18:30:06 UTC
I believe this is fixed in latest RHEL releases.

Comment 12 Jan Pazdziora 2019-01-11 09:43:25 UTC
Shouldn't this have gone through the proper QE verification, which would ideally also include extending the automation testing to catch similar issues in the future?

Comment 13 Red Hat Bugzilla 2023-09-14 04:00:34 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days