Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 1726838

Summary: [RHEL-7.7] Got AVC while running OVS-dpdk testing under Rhel-7.7
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Jean-Tsung Hsiao <jhsiao>
Component: openvswitch-selinux-extra-policyAssignee: Aaron Conole <aconole>
Status: CLOSED ERRATA QA Contact: Jean-Tsung Hsiao <jhsiao>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: FDP 19.DCC: aconole, ctrautma, jhsiao, kfida, qding, ralongi
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openvswitch-selinux-extra-policy-1.0-15.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-10 08:55:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
test package none

Description Jean-Tsung Hsiao 2019-07-03 20:36:05 UTC 
Description of problem: [RHEL-7.7] Got AVC while running OVS-dpdk testing under Rhel-7.7

Please review the following log piece from beaker job, https://beaker.engineering.redhat.com/jobs/3633391

Info: Searching AVC errors produced since 1561649823.55 (Thu Jun 27 11:37:03 2019)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 06/27/2019 11:37:03 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.w3ugVE 2>&1'
----
time->Thu Jun 27 11:37:17 2019
type=PROCTITLE msg=audit(1561649837.910:94): proctitle=6F76732D767377697463686400756E69783A2F7661722F72756E2F6F70656E767377697463682F64622E736F636B002D76636F6E736F6C653A656D6572002D767379736C6F673A657272002D7666696C653A696E666F002D2D6D6C6F636B616C6C002D2D6E6F2D6368646972002D2D6C6F672D66696C653D2F7661722F6C6F67
type=SYSCALL msg=audit(1561649837.910:94): arch=c000003e syscall=0 success=yes exit=8 a0=1f a1=7fff24a27b60 a2=8 a3=9 items=0 ppid=1 pid=5022 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ovs-vswitchd" exe="/usr/sbin/ovs-vswitchd" subj=system_u:system_r:openvswitch_t:s0 key=(null)
type=AVC msg=audit(1561649837.910:94): avc:  denied  { sys_admin } for  pid=5022 comm="ovs-vswitchd" capability=21  scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=capability permissive=0
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result.w3ugVE | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
https://beaker.engineering.redhat.com/jobs/3633391


Version-Release number of selected component (if applicable):
19.D testing under RHEL-7.7-20190619.0

How reproducible: Reproducible


Steps to Reproduce:
1. https://beaker.engineering.redhat.com/jobs/3633391
2.
3.

Actual results:


Expected results:


Additional info:
Comment 5 Aaron Conole 2019-10-21 14:58:46 UTC 
Created attachment 1627719 [details]
test package
Comment 10 Jean-Tsung Hsiao 2019-11-25 19:21:02 UTC 
For sanity, ran PvP tests against openvswitch2.11-2.11.0-28.el7fdn.x86_64 --- passed.
Comment 11 Jean-Tsung Hsiao 2019-12-09 03:57:42 UTC 
Hi Aaron,
This issue still exists in 20.A testing. Here is a failed job cause by AVC: https://beaker.engineering.redhat.com/jobs/3944463.
Please look into it.
Thanks!
Jean
Comment 12 Aaron Conole 2020-01-13 14:12:59 UTC 
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=1053468

Built
Comment 14 Jean-Tsung Hsiao 2020-01-29 04:04:26 UTC 
The bug fix has been verified. Please check the following job:
https://beaker.engineering.redhat.com/jobs/4040466
Comment 16 errata-xmlrpc 2020-03-10 08:55:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0741