Bug 980353
Summary: | there will be AVC denial in audit.log when jenkins build is finished | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Gaoyun Pei <gpei> | |
Component: | Containers | Assignee: | Brenton Leanhardt <bleanhar> | |
Status: | CLOSED ERRATA | QA Contact: | libra bugs <libra-bugs> | |
Severity: | low | Docs Contact: | ||
Priority: | low | |||
Version: | 1.2.0 | CC: | libra-onpremise-devel, mgrepl | |
Target Milestone: | --- | |||
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1016057 (view as bug list) | Environment: | ||
Last Closed: | 2013-12-16 09:10:59 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1016057 | |||
Bug Blocks: |
Description
Gaoyun Pei
2013-07-02 07:12:23 UTC
Miroslav, Would it be possible to allow processes running in Gears to read MTRR info? require { type mtrr_device_t; type openshift_t; class file getattr; } #============= openshift_t ============== allow openshift_t mtrr_device_t:file getattr; This is fairly low severity for now so it could wait until RHEL 6.5. Are you getting more AVC msgs in permissive mode? There are no additional AVC messages in permissive mode. Could you open a new rhel6.5 bug? verify this bug on puddle: 2.0/2013-11-15.1 selinux-policy-3.7.19-231.el6.noarch selinux-policy-targeted-3.7.19-231.el6.noarch In the end of jenkins build, it would NOT generate avc denial in audit.log on node |