Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 2169463

Summary: avc: denied { write } for pid=xxxxx comm="ovs-appctl" for ovn*.ctl
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Rick Alongi <ralongi>
Component: openvswitch-selinux-extra-policyAssignee: Aaron Conole <aconole>
Status: CLOSED EOL QA Contact: Rick Alongi <ralongi>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: FDP 23.ACC: aconole, ctrautma, qding
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-10-08 17:49:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
audit.log none

Description Rick Alongi 2023-02-13 16:34:39 UTC 
Created attachment 1943865 [details]
audit.log

Description of problem:

***NOTE:***This appears to be the same issue tracked for RHEL-8 in https://bugzilla.redhat.com/show_bug.cgi?id=2107705.

avc.log reporting denied  { write } for  pid=xxxxx comm="ovs-appctl" for various PIDs related to ovn processes (more details below)


Version-Release number of selected component (if applicable):

kernel: 5.14.0-239.el9.x86_64
openvswitch-selinux-extra-policy-1.0-31.el9fdp.noarch
openvswitch3.0-3.0.0-27.el9fdp.x86_64
ovn22.09-22.09.0-31.el9fdp.x86_64
ovn22.09-central-22.09.0-31.el9fdp.x86_64
ovn22.09-host-22.09.0-31.el9fdp.x86_64


How reproducible:


Steps to Reproduce:
1. Ran memory leak soak beaker job using Valgrind
2. avc.log in job show errors
3.

Actual results:
AVC denied messages

Expected results:
no AVC denied messages

Additional info:

audit.log attached.

Link to sample AVC log from beaker job:
https://beaker-archive.hosts.prod.psi.bos.redhat.com/beaker-logs/2023/01/74728/7472872/13296060/155487890/725124741/avc.log

Link to beaker job:
https://beaker.engineering.redhat.com/jobs/7472872

Link to sos report:
http://netqe-infra01.knqe.lab.eng.bos.redhat.com/sosreports/sosreport-wsfd-advnetlab34-2023-02-13-tullxvh.tar.xz

Link to test script:
https://gitlab.cee.redhat.com/kernel-qe/kernel/-/blob/master/networking/openvswitch/memory_leak_soak/runtest.sh

Link to location in test script where Valgrind is configured:
https://gitlab.cee.redhat.com/kernel-qe/kernel/-/blob/master/networking/openvswitch/memory_leak_soak/runtest.sh#L308
Comment 2 ovs-bot 2024-10-08 17:49:14 UTC 
This bug did not meet the criteria for automatic migration and is being closed.
If the issue remains, please open a new ticket in https://issues.redhat.com/browse/FDP
Comment 3 Red Hat Bugzilla 2025-02-06 04:25:20 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days