Bug 1561711
Summary: | [OSP13] Got lots OVS daemon ERRs while starting a OVS-dpdk guest | |||
---|---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Lon Hohberger <lhh> | |
Component: | openstack-selinux | Assignee: | Lon Hohberger <lhh> | |
Status: | CLOSED ERRATA | QA Contact: | Maxim Babushkin <mbabushk> | |
Severity: | high | Docs Contact: | ||
Priority: | urgent | |||
Version: | 13.0 (Queens) | CC: | aconole, atragler, berrange, ctrautma, fleitner, jherrman, jhsiao, jraju, jsuchane, juzhang, ktraynor, kzhang, maxime.coquelin, mbabushk, mgrepl, pezhang, rbalakri, rcain, skramaja, srevivo, tredaelli | |
Target Milestone: | rc | Keywords: | SELinux, Triaged | |
Target Release: | 13.0 (Queens) | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | openstack-selinux-0.8.14-12.el7ost | Doc Type: | Bug Fix | |
Doc Text: |
Previously, the virtlogd service logged redundant AVC denial errors when a guest virtual machine was started. With this update, the virtlogd service no longer attempts to send shutdown inhibition calls to systemd, which prevents the described errors from occurring.
|
Story Points: | --- | |
Clone Of: | 1547250 | |||
: | 1561727 1561728 1561729 (view as bug list) | Environment: | ||
Last Closed: | 2018-06-27 13:49:05 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1561727, 1561728, 1561729 |
Description
Lon Hohberger
2018-03-28 18:04:50 UTC
/var/log/audit/audit.log.1:type=USER_AVC msg=audit(1527075220.353:14540): pid=581 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.866 spid=575 tpid=11664 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' was turned up in CI, which is the opposite from the original AVC reported 0001-Allow-virtlogd-to-write-to-systemd_logind-FIFOs.patch also showed up, but may not be affecting this bug. Bad paste: type=AVC msg=audit(1527492439.572:13842): avc: denied { write } for pid=10949 comm=\"virtlogd\" path=\"/run/systemd/inhibit/4.ref\" dev=\"tmpfs\" ino=251799 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:systemd_logind_inhibit_var_run_t:s0 tclass=fifo_file showed up during CI runs Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086 |