Bug 207116
| Summary: | mcstrands generating AVC denials in audit log | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Daniel Berrangé <berrange> | ||||
| Component: | mcstrans | Assignee: | Daniel Walsh <dwalsh> | ||||
| Status: | CLOSED RAWHIDE | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | rawhide | ||||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2006-09-26 14:09:20 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 136647 [details]
Most recent 500 lines of audit logs
I ran into this problem in FC6 test3 too. I'd get these messages every time I logged in. It went away when I installed caching-nameserver-9.3.2-41.fc6. I also got error messages during boot up about either the user or the group 'named' not existing, which is what prompted me to install the nameserver package. Apparently little things go wrong in various packages when there's no named user. If you update to the latest policy and restart mcstransd this problem will go away. You can also just stop mcstransd if you don't want to update. |
Description of problem: Whenever I login to the machine the /var/log/audit/audit.log is filled with 50 AVC denial messages - basically the following 2 lines repeated over & over again: type=AVC msg=audit(1158677113.838:716): avc: denied { search } for pid=1916 comm="mcstransd" name="3591" dev=proc ino=235339778 scontext=system_u:system_r:setrans_t:s0 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=dir type=SYSCALL msg=audit(1158677113.838:716): arch=c000003e syscall=2 success=no exit=-13 a0=605540 a1=0 a2=0 a3=605540 items=0 ppid=1 pid=1916 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mcstransd" exe="/sbin/mcstransd" subj=system_u:system_r:setrans_t:s0 key=(null) Version-Release number of selected component (if applicable): selinux-policy-2.3.13-5 selinux-policy-targeted-2.3.13-5 policycoreutils-1.30.29-1 mcstrans-0.1.8-3 How reproducible: Every login attempt, both ssh & local console Steps to Reproduce: 1. Watch audit logs in one window 2. Login to console 3. Actual results: Audit logs fill up with many AVC denials for mcstransd Expected results: No AVC denial logs Additional info: I've touched /.autorelabel & rebooted, and rebooted again for good measure. the machine is fully uptodate with rawhide as of Sep 19th 10:00 EST