Bug 803146

Summary: AVC:denied { sys_nice } for pid=18103 comm="python" capability=23
Product: Red Hat Enterprise Linux 7 Reporter: Dong Zhu <dZhu>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Milos Malik <mmalik>
Severity: high Docs Contact:
Priority: high    
Version: 7.0CC: mmalik, qcai
Target Milestone: alpha   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-14 12:48:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dong Zhu 2012-03-14 03:16:50 UTC 
Description of problem:
when run the testcase on RHEL-7,jobs are always failed because of the AVC


log:
time->Fri Mar  9 09:50:35 2012
type=SYSCALL msg=audit(1331304635.395:253): arch=c000003e syscall=144 success=yes exit=0 a0=46b7 a1=0 a2=7fff164c2790 a3=1 items=0 ppid=1135 pid=18103 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
type=AVC msg=audit(1331304635.395:253): avc:  denied  { setsched } for  pid=18103 comm="python" scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:system_r:rhsmcertd_t:s0 tclass=process
type=AVC msg=audit(1331304635.395:253): avc:  denied  { sys_nice } for  pid=18103 comm="python" capability=23  scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:system_r:rhsmcertd_t:s0 tclass=capability
----
time->Fri Mar  9 09:50:35 2012
type=SYSCALL msg=audit(1331304635.581:254): arch=c000003e syscall=2 success=yes exit=6 a0=4013b6 a1=241 a2=1b6 a3=238 items=0 ppid=1 pid=1135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rhsmcertd" exe=2F7573722F62696E2F7268736D6365727464202864656C6574656429 subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
type=AVC msg=audit(1331304635.581:254): avc:  denied  { open } for  pid=1135 comm="rhsmcertd" name="update" dev=tmpfs ino=15875 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1331304635.581:254): avc:  denied  { write } for  pid=1135 comm="rhsmcertd" name="update" dev=tmpfs ino=15875 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
----
time->Fri Mar  9 09:50:35 2012
type=SYSCALL msg=audit(1331304635.582:255): arch=c000003e syscall=5 success=yes exit=0 a0=6 a1=7fffb576de20 a2=7fffb576de20 a3=238 items=0 ppid=1 pid=1135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rhsmcertd" exe=2F7573722F62696E2F7268736D6365727464202864656C6574656429 subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
type=AVC msg=audit(1331304635.582:255): avc:  denied  { getattr } for  pid=1135 comm="rhsmcertd" path="/run/rhsm/update" dev=tmpfs ino=15875 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
----
time->Fri Mar  9 13:50:35 2012
type=SYSCALL msg=audit(1331319035.467:454): arch=c000003e syscall=144 success=yes exit=0 a0=6500 a1=0 a2=7fff8a7437d0 a3=1 items=0 ppid=1135 pid=25856 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
type=AVC msg=audit(1331319035.467:454): avc:  denied  { setsched } for  pid=25856 comm="python" scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:system_r:rhsmcertd_t:s0 tclass=process
Fail: AVC messages found.


Additional info:
job link : https://beaker.engineering.redhat.com/jobs/201954
Comment 1 Milos Malik 2012-03-14 07:27:34 UTC 
Yet another duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=795668.
Comment 2 Daniel Walsh 2012-03-14 12:48:35 UTC 

*** This bug has been marked as a duplicate of bug 795668 ***