Bug 1821602
| Summary: | [RGW]: SElinux denials observed on teuthology multisite run | |||
|---|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Tejas <tchandra> | |
| Component: | RGW-Multisite | Assignee: | Kaleb KEITHLEY <kkeithle> | |
| Status: | CLOSED ERRATA | QA Contact: | Tejas <tchandra> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 3.3 | CC: | ceph-eng-bugs, ceph-qe-bugs, kkeithle, tserlin | |
| Target Milestone: | z5 | Keywords: | Automation | |
| Target Release: | 3.3 | |||
| Hardware: | Unspecified | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | RHEL: ceph-12.2.12-103.el7cp Ubuntu: ceph_12.2.12-98redhat1xenial | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1822902 (view as bug list) | Environment: | ||
| Last Closed: | 2020-06-10 15:44:19 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1822902 | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2488 |
Description of problem: ceph version 12.2.12-101.el7cp (20a4945f2321019ed50c1844b413059c07304074) luminous On a teuthology multisite run, we see failures with multiple selinux denials. 2020-04-06T05:26:47.732 INFO:teuthology.orchestra.run.pluto009.stdout:type=AVC msg=audit(1586164501.591:3252): avc: denied { name_connect } for pid=25545 comm="radosgw" dest=8080 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=1 2020-04-06T05:26:47.733 INFO:teuthology.orchestra.run.pluto009.stdout:type=AVC msg=audit(1586164773.692:139): avc: denied { name_connect } for pid=2051 comm="meta-sync" dest=8080 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=1 2020-04-06T05:26:47.733 INFO:teuthology.orchestra.run.pluto009.stdout:type=AVC msg=audit(1586164773.692:140): avc: denied { name_connect } for pid=2051 comm="data-sync" dest=8080 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=1 2020-04-06T05:26:47.734 INFO:teuthology.orchestra.run.pluto009.stdout:type=AVC msg=audit(1586164773.867:141): avc: denied { name_connect } for pid=2051 comm="http_manager" dest=8080 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=1 2020-04-06T05:26:47.734 INFO:teuthology.orchestra.run.pluto009.stdout:type=AVC msg=audit(1586164774.990:170): avc: denied { name_connect } for pid=2051 comm="http_manager" dest=8080 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=1 2020-04-06T05:26:47.734 INFO:teuthology.orchestra.run.pluto009.stdout:type=AVC msg=audit(1586164776.945:200): avc: denied { name_connect } for pid=2051 comm="http_manager" dest=8080 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=1 2020-04-06T05:26:47.735 INFO:teuthology.orchestra.run.pluto009.stdout:type=AVC msg=audit(1586164799.351:225): avc: denied { name_connect } for pid=2051 comm="http_manager" dest=8080 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=1 2020-04-06T05:26:47.735 INFO:teuthology.orchestra.run.pluto009.stdout:type=AVC msg=audit(1586164874.154:295): avc: denied { name_connect } for pid=2051 comm="http_manager" dest=8080 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=1 2020-04-06T05:26:47.735 DEBUG:teuthology.task.selinux:ubuntu.redhat.com has 8 denials selinux is set to permissive mode in this run. Logs attached.