Bug 1790452

Summary: Installation of pcp-pmda-samba causes SELinux issues
Product: Red Hat Enterprise Linux 8 Reporter: Jan Kurik <jkurik>
Component: pcpAssignee: Nathan Scott <nathans>
Status: CLOSED ERRATA QA Contact: Jan Kurik <jkurik>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.2CC: agerstmayr, jkurik, mgoodwin, nathans, patrickm
Target Milestone: rcKeywords: Bugfix, Reopened, Triaged
Target Release: 8.0   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: pcp-5.1.1-3 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-04 03:00:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Kurik 2020-01-13 11:27:18 UTC 
Description of problem:
Installation of pcp-pmda-samba PMDA on a fresh RHEL-8.2 system triggers SELinux issues.

Version-Release number of selected component (if applicable):
* pcp-pmda-samba-5.0.2-2.el8

How reproducible:
Always

Steps to Reproduce:
1.On a fresh RHEL-8.2 system install pcp-pmda-samba
# yum install -y pcp-pmda-samba

2. Run an installation script of the PMDA
# cd /var/lib/pcp/pmdas/samba/ && ./Install

3. Check SELinux reports using ausearch or audit2allow tools
# ausearch -m AVC,USER_AVC
# audit2allow -a

Actual results:
SELinux issues reported:

type=AVC msg=audit(1578497637.418:784): avc:  denied  { write } for  pid=19494 comm=smbstatus name=msg.lock dev=vda1 ino=6348450 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=unconfined_u:object_r:samba_var_t:s0 tclass=dir permissive=0

#============= pcp_pmcd_t ==============
allow pcp_pmcd_t samba_var_t:dir write;

Expected results:
The installation and run of the PMDA does not produce any SELinux issues.
Comment 1 Nathan Scott 2020-04-21 00:29:05 UTC 
This will be resolved by rebase to pcp-5.1.x

*** This bug has been marked as a duplicate of bug 1792971 ***
Comment 2 Jan Kurik 2020-06-12 15:22:41 UTC 
This issue still persist in pcp-5.1.1-2.el8 build.
Comment 5 Jan Kurik 2020-07-13 08:14:57 UTC 
Verified on pcp-selinux-5.1.1-3.el8
Comment 8 errata-xmlrpc 2020-11-04 03:00:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (pcp bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4684