Bug 1677251
Summary: | AVC while running php container [x86_64 only] | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Lukáš Zachar <lzachar> |
Component: | container-selinux | Assignee: | Lokesh Mandvekar <lsm5> |
Status: | CLOSED ERRATA | QA Contact: | atomic-bugs <atomic-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.0 | CC: | ddarrah, dwalsh, jorton, lvrabec, mmalik, plautrba, ssekidde, tjaros, ypu, zpytela |
Target Milestone: | rc | ||
Target Release: | 8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | container-selinux 2.86 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-11-05 21:01:33 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Lukáš Zachar
2019-02-14 11:16:37 UTC
There is a php config option to turn off huge pages if this can't be supported in containers, though I assume this was working in the RHEL7 containers (haven't checked) so need to work out why it started failing now. I'm starting to think I didn't pay attention to selinux avc in previous testing. On rhel-7's docker is produces same AVC FIxed in container-selinux-2.86 Can reproduced with selinux-policy-3.14.1-52.el8.noarch and test with selinux-policy-3.14.3-20.el8.noarch it works as expect. So set this to verified. Details: # podman run --rm -ti brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhel8/php-72:1-11 php -v Trying to pull brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/rhel8/php-72:1-11...Getting image source signatures Copying blob e1456a520312 done Copying blob 906eb0786e5b done Copying blob 251702110414 done Copying blob 1d90b227b489 done Copying blob b2085224bc28 done Copying config 28389eca49 done Writing manifest to image destination Storing signatures PHP 7.2.11 (cli) (built: Oct 9 2018 15:09:36) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies with Zend OPcache v7.2.11, Copyright (c) 1999-2018, by Zend Technologies # ausearch -m avc -i -ts recent <no matches> Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:3403 |