Bug 806827

Summary: AVC denial having upgraded from 2.0.1
Product: Red Hat Update Infrastructure for Cloud Providers Reporter: mkovacik
Component: RHUAAssignee: James Slagle <jslagle>
Status: CLOSED DUPLICATE QA Contact: wes hayutin <whayutin>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.0.3CC: kbidarka, sghai, tsanders
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-26 13:02:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description mkovacik 2012-03-26 10:09:20 UTC 
Description of problem:
Having upgraded from 2.0.1 to 2.0.3 and applied 'setenforce enforcing' a qpidd AVC denial may be observed upon pulp-server restart


Version-Release number of selected component (if applicable):
RHEL-6.2-RHUI-2.0.3-20120322.0-Server-x86_64-DVD1.iso

How reproducible:
Always

Steps to Reproduce:
1. upgrade from 2.0.1 to 2.0.3
2. setenforce enforcing
3. service pulp-server restart

  
Actual results:
An rhui-related avc message present in /var/log/audit/audit.log

Expected results:
No rhui-related avc messages present in /var/log/audit/audit.log in enforcing mode having upgraded the system to 2.0.3 from 2.0.1

Additional info:
### Screen log, error details

[root@dhcp-31-120 ~]# cp -f /var/log/audit/audit.log /var/log/audit/audit.log.2
[root@dhcp-31-120 ~]# : > /var/log/audit/audit.log
[root@dhcp-31-120 ~]# service pulp-server restart
Stopping httpd:                                            [  OK  ]
Stopping Qpid AMQP daemon:                                 [  OK  ]
Stopping mongod:                                           [  OK  ]
Starting mongod:                                           [  OK  ]
Starting Qpid AMQP daemon:                                 [  OK  ]
Starting httpd:                                            [  OK  ]
[root@dhcp-31-120 ~]# less /var/log/audit/audit.log
[root@dhcp-31-120 ~]# grep -i avc /var/log/audit/audit.log
type=AVC msg=audit(1332756007.594:24774): avc:  denied  { read } for  pid=26033 comm="qpidd" name="tmp" dev=dm-0 ino=395107 scontext=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
[root@dhcp-31-120 ~]#
Comment 1 James Slagle 2012-03-26 13:02:14 UTC 

*** This bug has been marked as a duplicate of bug 788574 ***