Bug 1025673 - repetitive AVCs with monitoring with selinux-policy-3.7.19-231.el6.noarch
repetitive AVCs with monitoring with selinux-policy-3.7.19-231.el6.noarch
Status: CLOSED WONTFIX
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Monitoring (Show other bugs)
560
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Milan Zázrivec
Red Hat Satellite QA List
:
Depends On:
Blocks: 462714
  Show dependency treegraph
 
Reported: 2013-11-01 04:53 EDT by Jan Hutař
Modified: 2017-04-28 14:44 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-04-28 14:44:41 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Hutař 2013-11-01 04:53:39 EDT
Description of problem:
On RHEL6 we now have updated from selinux-policy-3.7.19-195.el6_4.13.noarch to selinux-policy-3.7.19-231.el6.noarch and then these AVC SELinux messages started to periodically appear in audit.log:


type=AVC msg=audit(1383294977.003:911): avc:  denied  { read } for  pid=9151 comm="TSDBLocalQueue." name="1383284835.8529" dev=dm-0 ino=539963 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=SYSCALL msg=audit(1383294977.003:911): arch=c000003e syscall=2 success=yes exit=6 a0=10ae840 a1=0 a2=1b6 a3=7fb7e969fd40 items=0 ppid=9150 pid=9151 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="TSDBLocalQueue." exe=2F7573722F62696E2F7065726C202864656C6574656429 subj=unconfined_u:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1383294977.028:912): avc:  denied  { write } for  pid=9151 comm="TSDBLocalQueue." name="queuefile.positions..TMP" dev=dm-0 ino=539993 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=SYSCALL msg=audit(1383294977.028:912): arch=c000003e syscall=2 success=yes exit=6 a0=10ab990 a1=241 a2=1b6 a3=7fb7e969fd40 items=0 ppid=9150 pid=9151 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="TSDBLocalQueue." exe=2F7573722F62696E2F7065726C202864656C6574656429 subj=unconfined_u:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1383294977.042:913): avc:  denied  { rename } for  pid=9151 comm="TSDBLocalQueue." name="queuefile.positions..TMP" dev=dm-0 ino=539993 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=AVC msg=audit(1383294977.042:913): avc:  denied  { unlink } for  pid=9151 comm="TSDBLocalQueue." name="queuefile.positions" dev=dm-0 ino=539957 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=SYSCALL msg=audit(1383294977.042:913): arch=c000003e syscall=82 success=yes exit=0 a0=10ae750 a1=10abb60 a2=8 a3=8875f0 items=0 ppid=9150 pid=9151 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="TSDBLocalQueue." exe=2F7573722F62696E2F7065726C202864656C6574656429 subj=unconfined_u:system_r:spacewalk_monitoring_t:s0 key=(null)


Version-Release number of selected component (if applicable):
spacewalk-monitoring-2.0.1-1.el6sat.noarch
spacewalk-monitoring-selinux-2.0.1-1.el6sat.noarch
selinux-policy-3.7.19-231.el6.noarch


How reproducible:
always


Steps to Reproduce:
1. Enable Monitoring on RHEL6/Permissive system with given selinux-policy
   version, setup some probes
2. Monitor /var/log/audit/audit.log


Actual results:
AVCs generated


Expected results:
no AVCs should be generated
Comment 3 Grant Gainey 2017-04-28 14:44:41 EDT
Monitoring has a number of issues, and is being removed in the upcoming SATELLITE-5.8 release. Closing, WONTFIX

Note You need to log in before you can comment on or make changes to this bug.