Description of problem:
On RHEL6 we have now updated from selinux-policy-3.7.19-195.el6_4.13.noarch to selinux-policy-3.7.19-231.el6.noarch, and then these AVC SELinux messages started to appear periodically in audit.log:

type=AVC msg=audit(1383294977.003:911): avc: denied { read } for pid=9151 comm="TSDBLocalQueue." name="1383284835.8529" dev=dm-0 ino=539963 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=SYSCALL msg=audit(1383294977.003:911): arch=c000003e syscall=2 success=yes exit=6 a0=10ae840 a1=0 a2=1b6 a3=7fb7e969fd40 items=0 ppid=9150 pid=9151 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="TSDBLocalQueue." exe=2F7573722F62696E2F7065726C202864656C6574656429 subj=unconfined_u:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1383294977.028:912): avc: denied { write } for pid=9151 comm="TSDBLocalQueue." name="queuefile.positions..TMP" dev=dm-0 ino=539993 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=SYSCALL msg=audit(1383294977.028:912): arch=c000003e syscall=2 success=yes exit=6 a0=10ab990 a1=241 a2=1b6 a3=7fb7e969fd40 items=0 ppid=9150 pid=9151 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="TSDBLocalQueue." exe=2F7573722F62696E2F7065726C202864656C6574656429 subj=unconfined_u:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1383294977.042:913): avc: denied { rename } for pid=9151 comm="TSDBLocalQueue." name="queuefile.positions..TMP" dev=dm-0 ino=539993 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=AVC msg=audit(1383294977.042:913): avc: denied { unlink } for pid=9151 comm="TSDBLocalQueue." name="queuefile.positions" dev=dm-0 ino=539957 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file
type=SYSCALL msg=audit(1383294977.042:913): arch=c000003e syscall=82 success=yes exit=0 a0=10ae750 a1=10abb60 a2=8 a3=8875f0 items=0 ppid=9150 pid=9151 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="TSDBLocalQueue." exe=2F7573722F62696E2F7065726C202864656C6574656429 subj=unconfined_u:system_r:spacewalk_monitoring_t:s0 key=(null)

Version-Release number of selected component (if applicable):
spacewalk-monitoring-2.0.1-1.el6sat.noarch
spacewalk-monitoring-selinux-2.0.1-1.el6sat.noarch
selinux-policy-3.7.19-231.el6.noarch

How reproducible:
always

Steps to Reproduce:
1. Enable Monitoring on RHEL6/Permissive system with given selinux-policy version, set up some probes
2. Monitor /var/log/audit/audit.log

Actual results:
AVCs generated

Expected results:
no AVCs should be generated

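
A triage sketch for the audit records in the report above, added here as an example and not part of the original report or of Spacewalk: it groups the denied permissions by source type, target type and class, and joins each AVC to the SYSCALL record with the same event serial to decode the hex-encoded `exe` field. The names `summarize` and `decode_field` are hypothetical, and the sample abridges the SYSCALL records to the fields the script reads.

```python
import re
from collections import defaultdict

# Constructed sample: the four denials from the report above, with the
# SYSCALL records abridged to the fields this script reads.
_CTX = ("scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 "
        "tcontext=unconfined_u:object_r:spacewalk_monitoring_log_t:s0 tclass=file")
_EXE = "exe=2F7573722F62696E2F7065726C202864656C6574656429"
SAMPLE = "\n".join([
    f'type=AVC msg=audit(1383294977.003:911): avc: denied {{ read }} for pid=9151 comm="TSDBLocalQueue." name="1383284835.8529" {_CTX}',
    f'type=SYSCALL msg=audit(1383294977.003:911): arch=c000003e syscall=2 success=yes exit=6 uid=48 {_EXE}',
    f'type=AVC msg=audit(1383294977.028:912): avc: denied {{ write }} for pid=9151 comm="TSDBLocalQueue." name="queuefile.positions..TMP" {_CTX}',
    f'type=SYSCALL msg=audit(1383294977.028:912): arch=c000003e syscall=2 success=yes exit=6 uid=48 {_EXE}',
    f'type=AVC msg=audit(1383294977.042:913): avc: denied {{ rename }} for pid=9151 comm="TSDBLocalQueue." name="queuefile.positions..TMP" {_CTX}',
    f'type=AVC msg=audit(1383294977.042:913): avc: denied {{ unlink }} for pid=9151 comm="TSDBLocalQueue." name="queuefile.positions" {_CTX}',
    f'type=SYSCALL msg=audit(1383294977.042:913): arch=c000003e syscall=82 success=yes exit=0 uid=48 {_EXE}',
])

HEADER = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
HEX_ENCODED = {"exe", "comm", "name"}  # string fields auditd may hex-encode

def decode_field(key, value):
    """Quoted strings are literal; a bare hex string in a string field is encoded."""
    if value.startswith('"'):
        return value[1:-1]
    if key in HEX_ENCODED and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", value):
        return bytes.fromhex(value).decode("utf-8", "replace")
    return value

def summarize(log_text):
    """Return ({(source_type, target_type, class): [perms]}, {serial: syscall info})."""
    rules, events = defaultdict(set), {}
    for line in log_text.splitlines():
        head = HEADER.search(line)
        if not head:
            continue
        rtype, serial = head.groups()
        f = {k: decode_field(k, v) for k, v in FIELD.findall(line)}
        if rtype == "SYSCALL":
            events[serial] = {"exe": f.get("exe"), "succeeded": f.get("success") == "yes"}
        elif rtype == "AVC" and (perms := PERMS.search(line)):
            key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2], f["tclass"])
            rules[key].update(perms.group(1).split())
    return {k: sorted(v) for k, v in rules.items()}, events

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A denied AVC paired with `success=yes` in the matching SYSCALL record is what a Permissive host, as named in the steps to reproduce, produces: the access is logged but not blocked.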
Monitoring has a number of issues, and is being removed in the upcoming SATELLITE-5.8 release. Closing, WONTFIX