Bug 1628679
| Summary: | [OSP13] neutron-openvswitch-agent crashes on RHEL 7.6 Beta with SELinux enabled | | |
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Andrew Austin <aaustin> |
| Component: | openstack-selinux | Assignee: | Lon Hohberger <lhh> |
| Status: | CLOSED ERRATA | QA Contact: | Jon Schlueter <jschluet> |
| Severity: | urgent | Docs Contact: | |
| Priority: | high | | |
| Version: | 13.0 (Queens) | CC: | aaustin, goneri, lhh, mburns, mgrepl |
| Target Milestone: | async | Keywords: | Triaged, ZStream |
| Target Release: | 13.0 (Queens) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | openstack-selinux-0.8.14-15.el7ost | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 1630318 1635655 1635657 1635659 1635660 | Environment: | |
| Last Closed: | 2018-10-31 16:17:07 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1630318 | | |
| Bug Blocks: | 1635655, 1635657, 1635659, 1635660 | | |
| Attachments: | | | |
Description
Andrew Austin
2018-09-13 17:46:38 UTC
allow neutron_t chkpwd_exec_t:file { execute execute_no_trans open read };

^ This has been seen before. It seems how chkpwd_unix is executed changed, or otherwise, there is something different in the sudo stack that breaks existing policies here. This behavior does not occur on 7.5 and prior.

Is there an audit.log we can attach here?

I did not capture the audit log from the DCI environment before it was destroyed. I also won't be able to work on reproducing this issue in my own lab until next week at the earliest.

Created attachment 1487734
audit.log gathered with permissive mode set

audit.log gathered by our QA colleagues with SELinux in Permissive mode
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3435
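An added example, not part of the bug report or of openstack-selinux: a Python sketch of how AVC denials in an audit.log are grouped by source type, target type and object class into an allow rule like the one quoted in this bug. The log records, the `sudo` command name, the `unix_chkpwd` path and the `example_t` types are constructed for illustration and are not taken from attachment 1487734.

```python
import re
from collections import defaultdict

# Constructed AVC records in the usual audit.log layout (NOT from the bug's
# attachment). permissive=1 means the access was logged but not blocked.
CTX = ("scontext=system_u:system_r:neutron_t:s0 "
       "tcontext=system_u:object_r:chkpwd_exec_t:s0 tclass=file permissive=1")
HDR = "type=AVC msg=audit(1536860798.101:501): avc:  denied  "
SAMPLE_AUDIT_LOG = "\n".join([
    HDR + '{ execute } for  pid=4321 comm="sudo" name="unix_chkpwd" ' + CTX,
    HDR + '{ read open } for  pid=4321 comm="sudo" path="/usr/sbin/unix_chkpwd" ' + CTX,
    HDR + '{ execute_no_trans } for  pid=4321 comm="sudo" path="/usr/sbin/unix_chkpwd" ' + CTX,
    "type=SYSCALL msg=audit(1536860798.101:501): arch=c000003e syscall=59 success=yes",
    # Hypothetical unrelated domain, to show that grouping keeps rules apart.
    HDR + '{ getattr } for  pid=999 comm="example" path="/tmp/x" '
    "scontext=system_u:system_r:example_t:s0 "
    "tcontext=system_u:object_r:example_file_t:s0 tclass=file permissive=1",
])

AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for .*?"
    r"scontext=(?P<s>\S+) tcontext=(?P<t>\S+) tclass=(?P<cls>\S+)"
    r"(?: permissive=(?P<permissive>[01]))?"
)

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # An SELinux context is user:role:type[:level]; policy rules use the type.
    return {"perms": m["perms"].split(),
            "source": m["s"].split(":")[2],
            "target": m["t"].split(":")[2],
            "tclass": m["cls"],
            "permissive": m["permissive"] == "1"}

def allow_rules(log_text, source=None):
    """Merge denials per (source, target, class) into candidate allow rules."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and source in (None, rec["source"]):
            grouped[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(grouped.items())]

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_AUDIT_LOG, source="neutron_t")))
```

In enforcing mode the first denied permission stops the operation, so permissions needed later in the same code path never reach the log; a permissive-mode capture such as the one attached here records all of them. Treat the generated rules as candidates to review before adding them to policy.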