Created attachment 891737 ami-ef387cee.yaml
Validation failed for ami-ef387cee in ap-northeast-1
product: RHEL, version: 7.0, arch: x86_64
m3.xlarge

test stage1:testcase_01_bash_history succeeded
test stage1:testcase_02_selinux_context succeeded
test stage1:testcase_03_running_services succeeded
test stage1:testcase_06_inittab succeeded
test stage1:testcase_07_libc6_xen_conf succeeded
test stage1:testcase_08_memory succeeded
test stage1:testcase_09_nameserver succeeded
test stage1:testcase_10_networking succeeded
test stage1:testcase_11_package_set succeeded
test stage1:testcase_14_host_details succeeded
test stage1:testcase_15_rhel_version succeeded
test stage1:testcase_16_selinux succeeded
test stage1:testcase_17_shells succeeded
test stage1:testcase_18_sshd succeeded
test stage1:testcase_19_rhn_system_id succeeded
test stage1:testcase_20_auditd succeeded
test stage1:testcase_21_disk_size_format succeeded
test stage1:testcase_25_uname succeeded
test stage1:testcase_26_verify_rpms succeeded
test stage1:testcase_27_yum_repos failed
--->
actual repos: {'rhui-REGION-client-config-server-7-beta': True, 'rhui-REGION-rhel-server-releases-beta': True, 'rhui-REGION-rhel-server-releases-debug-beta': False, 'rhui-REGION-rhel-server-releases-source-beta': False}
expected repos: {'rhui-REGION-client-config-server-7': True, 'rhui-REGION-rhel-server-releases-debug': False, 'rhui-REGION-rhel-server-releases': True, 'rhui-REGION-rhel-server-releases-source': False}
result: failed
<---
test stage1:testcase_31_subscription_management succeeded
test stage1:testcase_32_ephemeral succeeded
test stage1:testcase_33_userdata succeeded
test stage1:testcase_34_cpu succeeded
test stage1:testcase_35_console succeeded
test stage1:testcase_360_ebs succeeded
test stage1:testcase_39_root_is_locked succeeded
test stage1:testcase_41_rh_amazon_rhui_client failed
--->
actual: 1
command: rpm -q rh-amazon-rhui-client
result: failed
<---
test stage1:testcase_50_yum_package_install succeeded
test stage1:testcase_55_yum_group_install failed
--->
actual: 1
command: yum -y groupinstall 'Development tools'
result: failed
<---
--->
actual: 1
command: rpm -q glibc-devel
result: failed
<---
test stage1:testcase_60_yum_update succeeded
test stage1:testcase_61_yum_proxy skipped
--->
comment: No proxy set
result: skip
<---
test stage1:testcase_62_cpuflags succeeded
test stage1:testcase_80_no_avc_denials succeeded
test stage1:testcase_99_reboot succeeded
test stage2:testcase_08_memory succeeded
test stage2:testcase_25_uname succeeded
test stage2:testcase_37_sshd_bug923996 succeeded
test stage2:testcase_62_cpuflags succeeded
test stage2:testcase_80_no_avc_denials failed
--->
actual: echo START; grep 'avc:[[:space:]]*denied' /var/log/messages /var/log/audit/audit.log | grep -v userdata; echo END
START
/var/log/messages:May 2 03:53:33 ip-10-167-142-80 kernel: type=1400 audit(1399017213.724:4): avc: denied { write } for pid=243 comm="systemd-sysctl" name="shmmax" dev="proc" ino=8445 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May 2 03:53:33 ip-10-167-142-80 kernel: type=1400 audit(1399017213.736:5): avc: denied { write } for pid=243 comm="systemd-sysctl" name="shmall" dev="proc" ino=8446 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May 2 03:53:33 ip-10-167-142-80 kernel: type=1400 audit(1399017213.748:6): avc: denied { write } for pid=243 comm="systemd-sysctl" name="sysrq" dev="proc" ino=8447 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May 2 03:53:33 ip-10-167-142-80 kernel: type=1400 audit(1399017213.760:7): avc: denied { write } for pid=243 comm="systemd-sysctl" name="core_uses_pid" dev="proc" ino=8448 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May 2 03:53:33 ip-10-167-142-80 kernel: type=1400 audit(1399017213.760:8): avc: denied { write } for pid=243 comm="systemd-sysctl" name="rp_filter" dev="proc" ino=8452 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May 2 03:53:33 ip-10-167-142-80 kernel: type=1400 audit(1399017213.760:9): avc: denied { write } for pid=243 comm="systemd-sysctl" name="accept_source_route" dev="proc" ino=8453 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May 2 03:53:33 ip-10-167-142-80 kernel: type=1400 audit(1399017213.760:10): avc: denied { write } for pid=243 comm="systemd-sysctl" name="protected_hardlinks" dev="proc" ino=8455 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.443:29): avc: denied { write } for pid=580 comm="systemd-sysctl" name="shmmax" dev="proc" ino=8445 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.443:30): avc: denied { write } for pid=580 comm="systemd-sysctl" name="shmall" dev="proc" ino=8446 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.443:31): avc: denied { write } for pid=580 comm="systemd-sysctl" name="sysrq" dev="proc" ino=8447 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.443:32): avc: denied { write } for pid=580 comm="systemd-sysctl" name="core_uses_pid" dev="proc" ino=8448 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.443:33): avc: denied { write } for pid=580 comm="systemd-sysctl" name="rp_filter" dev="proc" ino=8452 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.443:34): avc: denied { write } for pid=580 comm="systemd-sysctl" name="accept_source_route" dev="proc" ino=8453 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.443:35): avc: denied { write } for pid=580 comm="systemd-sysctl" name="protected_hardlinks" dev="proc" ino=8455 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.443:36): avc: denied { write } for pid=580 comm="systemd-sysctl" name="protected_symlinks" dev="proc" ino=8456 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.809:39): avc: denied { write } for pid=730 comm="systemd-sysctl" name="shmmax" dev="proc" ino=8445 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.809:40): avc: denied { write } for pid=730 comm="systemd-sysctl" name="shmall" dev="proc" ino=8446 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.809:41): avc: denied { write } for pid=730 comm="systemd-sysctl" name="sysrq" dev="proc" ino=8447 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.809:42): avc: denied { write } for pid=730 comm="systemd-sysctl" name="core_uses_pid" dev="proc" ino=8448 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.810:43): avc: denied { write } for pid=730 comm="systemd-sysctl" name="rp_filter" dev="proc" ino=8452 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.810:44): avc: denied { write } for pid=730 comm="systemd-sysctl" name="accept_source_route" dev="proc" ino=8453 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.810:45): avc: denied { write } for pid=730 comm="systemd-sysctl" name="protected_hardlinks" dev="proc" ino=8455 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017215.810:46): avc: denied { write } for pid=730 comm="systemd-sysctl" name="protected_symlinks" dev="proc" ino=8456 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
END
[root@ip-10-167-142-80 ~]#
command: echo START; grep 'avc:[[:space:]]*denied' /var/log/messages /var/log/audit/audit.log | grep -v userdata; echo END
expectation: START END
result: failed
<---
Verified: rh-amazon-rhui-client-beta included, content was not released to production rhui, avc issues are not fixed in 3.10.0-54.0.1.el7 (https://bugzilla.redhat.com/show_bug.cgi?id=1071858)
housekeeping