Bug 766184

Summary: selinux denials for postgres after aeolus run
Product: Red Hat Enterprise Linux 6
Reporter: wes hayutin <whayutin>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified
Priority: unspecified
Version: 6.2
CC: akarol, deltacloud-maint, dwalsh, morazi, ssachdev
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-01-04 16:29:20 UTC
Bug Blocks: 744194, 750954

Description wes hayutin 2011-12-10 20:50:05 UTC
Description of problem:

Not 100% sure if aeolus is causing this, but opening to be sure. None of these errors caused a fatal for aeolus.

[root@qeblade30 ~]#  ausearch -m avc
----
time->Sat Dec 10 14:33:07 2011
type=SYSCALL msg=audit(1323545587.300:159662): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=2 a2=0 a3=22 items=0 ppid=1 pid=7244 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545587.300:159662): avc:  denied  { module_request } for  pid=7244 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
----
time->Sat Dec 10 14:33:07 2011
type=SYSCALL msg=audit(1323545587.303:159663): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=1 a2=0 a3=7f777bf6c14c items=0 ppid=1 pid=7244 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545587.303:159663): avc:  denied  { module_request } for  pid=7244 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
----
time->Sat Dec 10 14:33:07 2011
type=SYSCALL msg=audit(1323545587.381:159664): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=2 a2=0 a3=4c items=0 ppid=1 pid=7244 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545587.381:159664): avc:  denied  { module_request } for  pid=7244 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
----
time->Sat Dec 10 14:33:10 2011
type=SYSCALL msg=audit(1323545590.753:159673): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=2 a2=0 a3=22 items=0 ppid=1 pid=7325 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545590.753:159673): avc:  denied  { module_request } for  pid=7325 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
----
time->Sat Dec 10 14:33:10 2011
type=SYSCALL msg=audit(1323545590.756:159674): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=1 a2=0 a3=7fc27ca6d14c items=0 ppid=1 pid=7325 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545590.756:159674): avc:  denied  { module_request } for  pid=7325 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
----
time->Sat Dec 10 14:33:10 2011
type=SYSCALL msg=audit(1323545590.851:159675): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=2 a2=0 a3=4c items=0 ppid=1 pid=7325 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545590.851:159675): avc:  denied  { module_request } for  pid=7325 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system

Comment 1 Francesco Vollero 2011-12-15 16:13:57 UTC
After a quick call with mgrepl, we discovered that this problem is not related to us (CloudForms) but is a kernel problem related to IPv6, so we agreed to move it to selinux-components.

Comment 2 wes hayutin 2012-01-03 17:43:02 UTC
adding ce-sprint-next bugs to ce-sprint

Comment 3 Francesco Vollero 2012-01-03 18:33:07 UTC
Could someone with rights move it from cloudform to selinux-components please?

Comment 5 Daniel Walsh 2012-01-04 16:29:20 UTC
You have disabled IPV6 improperly.

http://danwalsh.livejournal.com/47118.html
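
Decoding the records from the description, as an added example that is not part of the original bug report: the script pairs each AVC record with the SYSCALL record of the same event and shows that the denied module_request comes from a socket() call for address family 10 (AF_INET6) that fails with EAFNOSUPPORT, which matches the IPv6 diagnosis in comments 1 and 5. The function names and lookup tables (Linux x86_64 values) are this example's own assumptions.

```python
import re

# Sample input: first event from the description above, some SYSCALL fields trimmed.
SAMPLE = """\
type=SYSCALL msg=audit(1323545587.300:159662): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=2 a2=0 a3=22 items=0 ppid=1 pid=7244 uid=26 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545587.300:159662): avc:  denied  { module_request } for  pid=7244 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{ ([^}]*) \}")
FAMILIES = {2: "AF_INET", 10: "AF_INET6"}   # Linux address-family numbers
LINUX_ERRNO = {97: "EAFNOSUPPORT"}          # Linux errno values
X86_64_SOCKET = ("c000003e", "41")          # arch / syscall number of socket(2)


def parse(text):
    """Group audit records by event id: {event: {record type: {field: value}}}."""
    events = {}
    for line in text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        p = PERMS.search(line)
        if p:
            fields["perms"] = p.group(1).split()
        events.setdefault(m.group(1), {})[fields["type"]] = fields
    return events


def triage(text):
    """Explain module_request denials triggered by socket(2) on an unavailable family."""
    findings = []
    for eid, recs in parse(text).items():
        avc, sc = recs.get("AVC", {}), recs.get("SYSCALL", {})
        kmod = avc.get("kmod", "")
        if "module_request" not in avc.get("perms", []) or not kmod.startswith("net-pf-"):
            continue
        family = int(kmod[len("net-pf-"):])   # net-pf-N is the alias for protocol family N
        item = {"event": eid, "domain": avc["scontext"].split(":")[2],
                "family": FAMILIES.get(family, str(family))}
        if (sc.get("arch"), sc.get("syscall")) == X86_64_SOCKET:
            a0 = int(sc["a0"], 16)            # syscall arguments are logged in hex
            item["requested"] = FAMILIES.get(a0, str(a0))
            item["errno"] = LINUX_ERRNO.get(-int(sc["exit"]), sc["exit"])
        findings.append(item)
    return findings
```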