Bug 1829758

Summary: [ceph-mon]: SELinux denial observed on ceph-mon on RHEL 7.8
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Tejas <tchandra>
Component: RADOSAssignee: Brad Hubbard <bhubbard>
Status: CLOSED ERRATA QA Contact: Manohar Murthy <mmurthy>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.1CC: akupczyk, bhubbard, ceph-eng-bugs, dzafman, kchai, nojha, rzarzyns, sseshasa, tchandra, tserlin
Target Milestone: z1Keywords: Automation
Target Release: 4.1   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: ceph-14.2.8-71.el8cp, ceph-14.2.8-71.el7cp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-20 14:21:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tejas 2020-04-30 09:39:55 UTC 
Description of problem:

from a RGW multisite test being run on Teuthology, we have observed a Selinux denial which has caused the test failure.

Teuthology Log:
http://magna002.ceph.redhat.com/tchandra-2020-04-29_08:08:02-rgw:multisite-ansible-rh-nautilus-distro-basic-clara/374558/teuthology.log

Error :
SELinuxError: SELinux denials found on ubuntu.redhat.com: ['type=AVC msg=audit(1588169929.210:1519): avc:  denied  { getattr } for  pid=18275 comm="ceph-mon" path="/proc/kcore" dev="proc" ino=4026532039 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1588169995.071:1999): avc:  denied  { search } for  pid=21095 comm="ceph-mgr" name="httpd" dev="sda1" ino=65683 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir permissive=1', 'type=AVC msg=audit(1588170158.494:2739): avc:  denied  { getattr } for  pid=27773 comm="ceph-mon" path="/proc/kcore" dev="proc" ino=4026532039 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file permissive=1']


Will be attaching the auditlog of this run , in this BZ.
Comment 9 errata-xmlrpc 2020-07-20 14:21:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3003