Bug 667747

Summary: avc errors in beaker with NetworkManager tests
Product: Red Hat Enterprise Linux 6 Reporter: Vladimir Benes <vbenes>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: low    
Version: 6.1CC: bpeck, dwalsh, mcsontos, zcerza
Target Milestone: rcKeywords: TestBlocker
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-01-26 21:38:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vladimir Benes 2011-01-06 16:48:16 UTC 
Description of problem:
I can see some avc denials and my beaker jobs are failing because of it.. I use dogtail to bring Xorg up and then I create profiles via dogtail and nm-connection-editor.. no errors while executed by hand.
can this be initrc_t bug? don't know exactly how beaker operates it's scripts


Version-Release number of selected component (if applicable):
beaker-6.1
selinux-policy-3.7.19-54.el6.noarch

https://beaker.engineering.redhat.com/jobs/43864
^^^ this job is affected

How reproducible:
100%

Steps to Reproduce:
1.execute dogtail job in beaker

  
Actual results:
avc errors and thus job failure

Expected results:
no errors, no failures 

Additional info:
Comment 2 Daniel Walsh 2011-01-06 19:23:43 UTC 
You probably need to run this using runcon to get it running as unconfined_t.
Comment 3 Zack Cerza 2011-01-06 19:34:22 UTC 
(In reply to comment #2)
> You probably need to run this using runcon to get it running as unconfined_t.

I wonder if we'll want to file an RFE on Beaker - seems a lot of tests would be more appropriately run as unconfied_t rather than inirc_t
Comment 4 Daniel Walsh 2011-01-06 20:38:23 UTC 
Tests of user apps should be done as unconfined_t, tests of system apps/daemons should be done as initrc_t.
Comment 5 Bill Peck 2011-01-26 21:40:54 UTC 
newest beah harness will run tests as unconfined_t by default.  This will be in the next release.
Comment 6 Marian Csontos 2011-01-27 07:11:08 UTC 
For record changing to duplicate.

*** This bug has been marked as a duplicate of bug 669665 ***