1093606 – ami-cfd017b8 RHEL 7.0 x86_64 eu-west-1

Bug 1093606 - ami-cfd017b8 RHEL 7.0 x86_64 eu-west-1

Summary: ami-cfd017b8 RHEL 7.0 x86_64 eu-west-1

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Cloud Image Validation
Classification:	Red Hat
Component:	images
Sub Component:
Version:	RHEL7.0
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	mkovacik
QA Contact:	mkovacik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-05-02 08:12 UTC by Vitaly Kuznetsov
Modified:	2014-07-22 15:04 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-07-22 15:04:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
ami-cfd017b8.yaml (87.03 KB, text/yaml) 2014-05-02 08:12 UTC, Vitaly Kuznetsov	no flags	Details
View All

Description Vitaly Kuznetsov 2014-05-02 08:12:18 UTC

Comment 1 Vitaly Kuznetsov 2014-05-02 08:12:20 UTC

Created attachment 891740 [details]
ami-cfd017b8.yaml

Comment 2 Vitaly Kuznetsov 2014-05-02 08:12:25 UTC

Validation failed for ami-cfd017b8 in eu-west-1 product: RHEL, version: 7.0, arch: x86_64

m3.xlarge
test stage1:testcase_01_bash_history succeeded
test stage1:testcase_02_selinux_context succeeded
test stage1:testcase_03_running_services succeeded
test stage1:testcase_06_inittab succeeded
test stage1:testcase_07_libc6_xen_conf succeeded
test stage1:testcase_08_memory succeeded
test stage1:testcase_09_nameserver succeeded
test stage1:testcase_10_networking succeeded
test stage1:testcase_11_package_set succeeded
test stage1:testcase_14_host_details succeeded
test stage1:testcase_15_rhel_version succeeded
test stage1:testcase_16_selinux succeeded
test stage1:testcase_17_shells succeeded
test stage1:testcase_18_sshd succeeded
test stage1:testcase_19_rhn_system_id succeeded
test stage1:testcase_20_auditd succeeded
test stage1:testcase_21_disk_size_format succeeded
test stage1:testcase_25_uname succeeded
test stage1:testcase_26_verify_rpms succeeded
test stage1:testcase_27_yum_repos failed
--->
	actual repos: {'rhui-REGION-client-config-server-7-beta': True, 'rhui-REGION-rhel-server-releases-beta': True, 'rhui-REGION-rhel-server-releases-debug-beta': False, 'rhui-REGION-rhel-server-releases-source-beta': False}
	expected repos: {'rhui-REGION-client-config-server-7': True, 'rhui-REGION-rhel-server-releases-debug': False, 'rhui-REGION-rhel-server-releases': True, 'rhui-REGION-rhel-server-releases-source': False}
	result: failed
<---
test stage1:testcase_31_subscription_management succeeded
test stage1:testcase_32_ephemeral succeeded
test stage1:testcase_33_userdata succeeded
test stage1:testcase_34_cpu succeeded
test stage1:testcase_35_console succeeded
test stage1:testcase_360_ebs succeeded
test stage1:testcase_39_root_is_locked succeeded
test stage1:testcase_41_rh_amazon_rhui_client failed
--->
	actual: 1
	command: rpm -q rh-amazon-rhui-client
	result: failed
<---
test stage1:testcase_50_yum_package_install succeeded
test stage1:testcase_55_yum_group_install failed
--->
	actual: 1
	command: yum -y groupinstall 'Development tools'
	result: failed
<---
--->
	actual: 1
	command: rpm -q glibc-devel
	result: failed
<---
test stage1:testcase_60_yum_update succeeded
test stage1:testcase_61_yum_proxy skipped
--->
	comment: No proxy set
	result: skip
<---
test stage1:testcase_62_cpuflags succeeded
test stage1:testcase_80_no_avc_denials succeeded
test stage1:testcase_99_reboot succeeded
test stage2:testcase_08_memory succeeded
test stage2:testcase_25_uname succeeded
test stage2:testcase_37_sshd_bug923996 succeeded
test stage2:testcase_62_cpuflags succeeded
test stage2:testcase_80_no_avc_denials failed
--->
	actual: echo START; grep 'avc:[[:space:]]*denied' /var/log/messages /var/log/audit/audit.log | grep -v userdata; echo END
START
/var/log/messages:May  2 03:54:41 ip-10-104-13-15 kernel: type=1400 audit(1399017281.171:4): avc:  denied  { write } for  pid=239 comm="systemd-sysctl" name="shmmax" dev="proc" ino=7421 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:54:41 ip-10-104-13-15 kernel: type=1400 audit(1399017281.188:5): avc:  denied  { write } for  pid=239 comm="systemd-sysctl" name="shmall" dev="proc" ino=7422 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:54:41 ip-10-104-13-15 kernel: type=1400 audit(1399017281.206:6): avc:  denied  { write } for  pid=239 comm="systemd-sysctl" name="sysrq" dev="proc" ino=7423 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:54:41 ip-10-104-13-15 kernel: type=1400 audit(1399017281.224:7): avc:  denied  { write } for  pid=239 comm="systemd-sysctl" name="core_uses_pid" dev="proc" ino=7424 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:54:41 ip-10-104-13-15 kernel: type=1400 audit(1399017281.243:8): avc:  denied  { write } for  pid=239 comm="systemd-sysctl" name="rp_filter" dev="proc" ino=7428 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:54:41 ip-10-104-13-15 kernel: type=1400 audit(1399017281.263:9): avc:  denied  { write } for  pid=239 comm="systemd-sysctl" name="accept_source_route" dev="proc" ino=7429 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:54:41 ip-10-104-13-15 kernel: type=1400 audit(1399017281.282:10): avc:  denied  { write } for  pid=239 comm="systemd-sysctl" name="protected_hardlinks" dev="proc" ino=7431 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/messages:May  2 03:54:41 ip-10-104-13-15 kernel: type=1400 audit(1399017281.510:12): avc:  denied  { write } for  pid=239 comm="systemd-sysctl" name="protected_symlinks" dev="proc" ino=7432 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017286.786:34): avc:  denied  { write } for  pid=575 comm="systemd-sysctl" name="shmmax" dev="proc" ino=7421 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017286.786:35): avc:  denied  { write } for  pid=575 comm="systemd-sysctl" name="shmall" dev="proc" ino=7422 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017286.786:36): avc:  denied  { write } for  pid=575 comm="systemd-sysctl" name="sysrq" dev="proc" ino=7423 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017286.786:37): avc:  denied  { write } for  pid=575 comm="systemd-sysctl" name="core_uses_pid" dev="proc" ino=7424 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017286.786:38): avc:  denied  { write } for  pid=575 comm="systemd-sysctl" name="rp_filter" dev="proc" ino=7428 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017286.786:39): avc:  denied  { write } for  pid=575 comm="systemd-sysctl" name="accept_source_route" dev="proc" ino=7429 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017286.786:40): avc:  denied  { write } for  pid=575 comm="systemd-sysctl" name="protected_hardlinks" dev="proc" ino=7431 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017286.786:41): avc:  denied  { write } for  pid=575 comm="systemd-sysctl" name="protected_symlinks" dev="proc" ino=7432 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017287.369:43): avc:  denied  { write } for  pid=723 comm="systemd-sysctl" name="shmmax" dev="proc" ino=7421 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017287.369:44): avc:  denied  { write } for  pid=723 comm="systemd-sysctl" name="shmall" dev="proc" ino=7422 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017287.369:45): avc:  denied  { write } for  pid=723 comm="systemd-sysctl" name="sysrq" dev="proc" ino=7423 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017287.369:46): avc:  denied  { write } for  pid=723 comm="systemd-sysctl" name="core_uses_pid" dev="proc" ino=7424 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017287.369:47): avc:  denied  { write } for  pid=723 comm="systemd-sysctl" name="rp_filter" dev="proc" ino=7428 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017287.369:48): avc:  denied  { write } for  pid=723 comm="systemd-sysctl" name="accept_source_route" dev="proc" ino=7429 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017287.369:49): avc:  denied  { write } for  pid=723 comm="systemd-sysctl" name="protected_hardlinks" dev="proc" ino=7431 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
/var/log/audit/audit.log:type=AVC msg=audit(1399017287.369:50): avc:  denied  { write } for  pid=723 comm="systemd-sysctl" name="protected_symlinks" dev="proc" ino=7432 scontext=system_u:system_r:systemd_sysctl_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
END
[root@ip-10-104-13-15 ~]# 
	command: echo START; grep 'avc:[[:space:]]*denied' /var/log/messages /var/log/audit/audit.log | grep -v userdata; echo END
	expectation: 
START
END

	result: failed
<---

Comment 3 Vitaly Kuznetsov 2014-05-02 08:16:39 UTC

Verified:
rh-amazon-rhui-client-beta included,
content was not released to production rhui,
avc issues are not fixed in 3.10.0-54.0.1.el7 (https://bugzilla.redhat.com/show_bug.cgi?id=1071858)

Comment 4 mkovacik 2014-07-22 15:04:03 UTC

housekeeping

Note You need to log in before you can comment on or make changes to this bug.