Description of problem:
After upgrade of RHEL-6.4 with Satellite 5.5.0 installed to glibc-2.12-1.132.el6.x86_64, I started getting one AVC each ~ 5 - 10 seconds. Also seen on 5.4.1, but not on 5.6.0.

Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-195.el6_4.18.noarch
glibc-2.12-1.132.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Take RHEL 6.4, install Satellite 5.5.0 with embedded Oracle DB on it
2. Upgrade to glibc-2.12-1.132.el6.x86_64 and restart Satellite

Actual results:
Each ~ 5 - 10 seconds this SELinux AVC message is generated:

type=AVC msg=audit(1384348955.069:2073): avc: denied { search } for pid=9003 comm="oracle" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:oracle_db_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir

# ps 9003
  PID TTY      STAT   TIME COMMAND
 9003 ?        Ss     0:00 ora_mmnl_rhnsat

Expected results:
No AVCs should be generated

SYSCALL generated together with AVC:

type=SYSCALL msg=audit(1384353538.383:6728): arch=c000003e syscall=2 per=400000 success=no exit=-13 a0=7fa5c93d82b8 a1=80000 a2=1ffffd44d7d7 a3=4 items=0 ppid=1 pid=6995 auid=4294967295 uid=498 gid=498 euid=498 suid=498 fsuid=498 egid=499 sgid=499 fsgid=499 tty=(none) ses=4294967295 comm="oracle" exe="/opt/apps/oracle/web/product/10.2.0/db_1/bin/oracle" subj=unconfined_u:system_r:oracl

Fixed in spacewalk master by commit 6aa92f5df543de175fcd46a88f7e4b67d1988fa2
    1029894 - allow oracle read sysfs

Just noted this message as well on 5.6.0 with embedded PostgreSQL:

time->Thu Nov 14 21:55:27 2013
type=SYSCALL msg=audit(1384484127.268:573): arch=c000003e syscall=2 success=no exit=-13 a0=7f18c9ad52b8 a1=80000 a2=2803ff a3=7f1897fff9d0 items=0 ppid=1 pid=27689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cobblerd" exe="/usr/bin/python" subj=unconfined_u:system_r:cobblerd_t:s0 key=(null)
type=AVC msg=audit(1384484127.268:573): avc: denied { search } for pid=27689 comm="cobblerd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir

In some very rare cases I do see similar AVC generated by cobbler as well:

time->Sun Nov 17 17:04:05 2013
type=SYSCALL msg=audit(1384725845.423:561): arch=c000003e syscall=2 success=no exit=-13 a0=7faf000582b8 a1=80000 a2=2803ff a3=7faeeabfd9d0 items=0 ppid=1 pid=18537 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cobblerd" exe="/usr/bin/python" subj=unconfined_u:system_r:cobblerd_t:s0 key=(null)
type=AVC msg=audit(1384725845.423:561): avc: denied { search } for pid=18537 comm="cobblerd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir

When in Permissive, these AVCs got recorded:

type=AVC msg=audit(1384760968.366:1448): avc: denied { search } for pid=19262 comm="cobblerd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
type=AVC msg=audit(1384760968.366:1448): avc: denied { read } for pid=19262 comm="cobblerd" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
type=AVC msg=audit(1384760968.366:1448): avc: denied { open } for pid=19262 comm="cobblerd" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file

And inode 23 is:

/sys/devices/system/cpu/online

which contains:

# cat /sys/devices/system/cpu/online
0-31

and really, I'm on a system with 32 processors:

# cat /proc/cpuinfo | grep ^processor | wc -l
32

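
Added example, not part of the original report and not the policy change from the Spacewalk commit: a small parser that groups the permissive-mode AVC records quoted above by source type, target type and object class, and prints the combined denials as audit2allow-style rules for triage. The function names are assumptions made for this illustration; the sample input is the three records from the comment above.

```python
import re
from collections import defaultdict

# The three AVC records from the permissive-mode comment (one audit event, serial 1448).
SAMPLE = """\
type=AVC msg=audit(1384760968.366:1448): avc: denied { search } for pid=19262 comm="cobblerd" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
type=AVC msg=audit(1384760968.366:1448): avc: denied { read } for pid=19262 comm="cobblerd" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
type=AVC msg=audit(1384760968.366:1448): avc: denied { open } for pid=19262 comm="cobblerd" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:cobblerd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other record type."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    return rec

def selinux_type(context):
    """Extract the type from a user:role:type:level security context."""
    return context.split(':')[2]

def summarize(text):
    """Map (source type, target type, class) to the set of denied permissions."""
    rules = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue  # SYSCALL, time-> and other non-AVC lines
        key = (selinux_type(rec['scontext']), selinux_type(rec['tcontext']), rec['tclass'])
        rules[key].update(rec['perms'])
    return dict(rules)

def as_allow_rules(rules):
    """Render the summary the way audit2allow prints rules, for review only."""
    return ["allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms)))
            for (src, tgt, cls), perms in sorted(rules.items())]

if __name__ == "__main__":
    for rule in as_allow_rules(summarize(SAMPLE)):
        print(rule)
```

Run against the enforcing-mode records from the earlier comments, the same code yields only the `dir { search }` denial, because the open() call fails at the first check; the `file { open read }` denials only appear once the domain is permissive.
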
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1782.html