1131955 – Instalation (load_policy) throws write selinux denial

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1131955 - Instalation (load_policy) throws write selinux denial

Summary: Instalation (load_policy) throws write selinux denial

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	SELinux
Sub Component:
Version:	6.0.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	low
Target Milestone:	Unspecified
Assignee:	Lukas Zapletal
QA Contact:	Tazim Kolhar
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-08-20 11:42 UTC by Lukas Pramuk
Modified:	2017-02-23 21:03 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-08-12 05:15:02 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
foreman-debug (299.52 KB, application/x-xz) 2014-11-21 11:26 UTC, Tazim Kolhar	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:1592	0	normal	SHIPPED_LIVE	Important: Red Hat Satellite 6.1.1 on RHEL 6	2015-08-12 09:04:35 UTC

Description Lukas Pramuk 2014-08-20 11:42:24 UTC

Description of problem:
Instalation (load_policy) throws write selinux denial.
 avc:  denied  { write } for  pid=16796 comm="load_policy" path="/tmp/puppet20140819-19748-14ub799-0" dev=dm-0 ino=1837565 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023

Version-Release number of selected component (if applicable):
Satellite-6.0.4-RHEL-6-20140813.2

How reproducible:
2 of 2 (once per instalation)

Steps to Reproduce:
1.Install Satellite 6 on RHEL6

Actual results:
time->Tue Aug 19 20:23:17 2014
type=SYSCALL msg=audit(1408494197.904:215): arch=c000003e syscall=59 success=yes exit=0 a0=3d83f80 a1=4135920 a2=0 a3=12 items=0 ppid=3775 pid=4231 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1408494197.904:215): avc:  denied  { write } for  pid=4231 comm="load_policy" path="/tmp/puppet20140819-5963-f89wh6-0" dev=dm-0 ino=2507669 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1408494197.904:215): avc:  denied  { write } for  pid=4231 comm="load_policy" path="/tmp/puppet20140819-5963-f89wh6-0" dev=dm-0 ino=2507669 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
---
time->Tue Aug 19 19:55:05 2014
type=SYSCALL msg=audit(1408492505.443:197): arch=c000003e syscall=59 success=yes exit=0 a0=3a0df80 a1=3dbf920 a2=0 a3=12 items=0 ppid=16639 pid=16796 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1408492505.443:197): avc:  denied  { write } for  pid=16796 comm="load_policy" path="/tmp/puppet20140819-19748-14ub799-0" dev=dm-0 ino=1837565 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1408492505.443:197): avc:  denied  { write } for  pid=16796 comm="load_policy" path="/tmp/puppet20140819-19748-14ub799-0" dev=dm-0 ino=1837565 scontext=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file


Expected results:
No AVCs are reported

Comment 1 RHEL Program Management 2014-08-20 11:52:59 UTC

Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 3 Lukas Zapletal 2014-08-20 20:04:02 UTC

Is the policy loaded?

semodule -l | grep foreman

Does it load properly?

foreman-selinux-enable

What are the domains?

ps axuwwwZ

Are your files correctly labeled?

foreman-selinux-relabel -nv

Please attach foreman-debug tarball or sosreport.

Comment 7 Miroslav Grepl 2014-08-25 18:36:54 UTC

This is a leak coming from puppet.

Comment 8 Lukas Zapletal 2014-08-25 19:07:14 UTC

Harmless, looks like a candidate for:

http://projects.theforeman.org/issues/7249

We can dontaudit this, we should not see this on RHEL7 (EPEL7) puppet.

Comment 9 Miroslav Grepl 2014-08-26 06:54:27 UTC

Yes, just dontaudit it.

Comment 11 Lukas Zapletal 2014-08-27 15:06:54 UTC

The rule is:

require {
        type load_policy_t;
}

#============= load_policy_t ==============
userdom_write_inherited_user_tmp_files(load_policy_t)

Comment 12 Miroslav Grepl 2014-08-28 13:30:53 UTC

Lukas,
we have

userdom_dontaudit_read_user_tmp_files(load_policy_t)

in Fedora/RHEL7.

Comment 15 Tazim Kolhar 2014-11-21 11:25:25 UTC

VERIFIED:

*** This bug is verified in upstream. This fix should eventually land in future downstream builds ***

Version Tested:
# rpm -qa | grep foreman
ruby193-rubygem-foreman_hooks-0.3.7-2.el7.noarch
rubygem-hammer_cli_foreman_tasks-0.0.3-2.201409091410git163c264.git.0.988ca80.el7.noarch
ruby193-rubygem-foreman_abrt-0.0.4-1.el7.noarch
ruby193-rubygem-foreman_docker-0.2.0-2.el7.noarch
ruby193-rubygem-foreman_bootdisk-4.0.2-1.el7.noarch
rubygem-hammer_cli_foreman-0.1.3-1.201411121216git9381fc5.el7.noarch
hp-dl380pgen8-02-vm-6.lab.bos.redhat.com-foreman-client-1.0-1.noarch
foreman-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-ovirt-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
ruby193-rubygem-foreman-tasks-0.6.9-1.el7.noarch
ruby193-rubygem-foreman_discovery-1.4.0-2.el7.noarch
foreman-postgresql-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-compute-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-gce-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-libvirt-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-vmware-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch
foreman-selinux-1.8.0-0.develop.201410280941git10de1c5.el7.noarch
foreman-proxy-1.8.0-0.develop.201411121327gitab6edc2.el7.noarch
hp-dl380pgen8-02-vm-6.lab.bos.redhat.com-foreman-proxy-1.0-1.noarch
foreman-release-1.8.0-0.develop.201411201054gitbe4602e.el7.noarch

# semodule -l | grep foreman
foreman	1.8.0.0	

# foreman-selinux-enable

# ps axuwwwZ
LABEL                           USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
system_u:system_r:init_t:s0     root         1  0.0  0.1 132764  6048 ?        Ss   Nov17   0:13 /usr/lib/systemd/systemd --system --deserialize 26
system_u:system_r:kernel_t:s0   root         2  0.0  0.0      0     0 ?        S    Nov17   0:00 [kthreadd]
system_u:system_r:kernel_t:s0   root         3  0.0  0.0      0     0 ?        S    Nov17   0:00 [ksoftirqd/0]
system_u:system_r:kernel_t:s0   root         5  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kworker/0:0H]
system_u:system_r:kernel_t:s0   root         7  0.0  0.0      0     0 ?        S    Nov17   0:02 [migration/0]
system_u:system_r:kernel_t:s0   root         8  0.0  0.0      0     0 ?        S    Nov17   0:00 [rcu_bh]
system_u:system_r:kernel_t:s0   root         9  0.0  0.0      0     0 ?        S    Nov17   0:00 [rcuob/0]
system_u:system_r:kernel_t:s0   root        10  0.0  0.0      0     0 ?        S    Nov17   0:00 [rcuob/1]
system_u:system_r:kernel_t:s0   root        11  0.0  0.0      0     0 ?        S    Nov17   0:18 [rcu_sched]
system_u:system_r:kernel_t:s0   root        12  0.0  0.0      0     0 ?        S    Nov17   0:21 [rcuos/0]
system_u:system_r:kernel_t:s0   root        13  0.0  0.0      0     0 ?        S    Nov17   0:14 [rcuos/1]
system_u:system_r:kernel_t:s0   root        14  0.0  0.0      0     0 ?        S    Nov17   0:01 [watchdog/0]
system_u:system_r:kernel_t:s0   root        15  0.0  0.0      0     0 ?        S    Nov17   0:01 [watchdog/1]
system_u:system_r:kernel_t:s0   root        16  0.0  0.0      0     0 ?        S    Nov17   0:02 [migration/1]
system_u:system_r:kernel_t:s0   root        17  0.0  0.0      0     0 ?        S    Nov17   0:00 [ksoftirqd/1]
system_u:system_r:kernel_t:s0   root        19  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kworker/1:0H]
system_u:system_r:kernel_t:s0   root        20  0.0  0.0      0     0 ?        S<   Nov17   0:00 [khelper]
system_u:system_r:kernel_t:s0   root        21  0.0  0.0      0     0 ?        S    Nov17   0:00 [kdevtmpfs]
system_u:system_r:kernel_t:s0   root        22  0.0  0.0      0     0 ?        S<   Nov17   0:00 [netns]
system_u:system_r:kernel_t:s0   root        23  0.0  0.0      0     0 ?        S<   Nov17   0:00 [writeback]
system_u:system_r:kernel_t:s0   root        24  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kintegrityd]
system_u:system_r:kernel_t:s0   root        25  0.0  0.0      0     0 ?        S<   Nov17   0:00 [bioset]
system_u:system_r:kernel_t:s0   root        26  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kblockd]
system_u:system_r:kernel_t:s0   root        27  0.0  0.0      0     0 ?        S    Nov17   0:00 [khubd]
system_u:system_r:kernel_t:s0   root        28  0.0  0.0      0     0 ?        S<   Nov17   0:00 [md]
system_u:system_r:kernel_t:s0   root        32  0.0  0.0      0     0 ?        S    Nov17   0:01 [kswapd0]
system_u:system_r:kernel_t:s0   root        33  0.0  0.0      0     0 ?        SN   Nov17   0:00 [ksmd]
system_u:system_r:kernel_t:s0   root        34  0.0  0.0      0     0 ?        SN   Nov17   0:02 [khugepaged]
system_u:system_r:kernel_t:s0   root        35  0.0  0.0      0     0 ?        S    Nov17   0:00 [fsnotify_mark]
system_u:system_r:kernel_t:s0   root        36  0.0  0.0      0     0 ?        S<   Nov17   0:00 [crypto]
system_u:system_r:kernel_t:s0   root        45  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kthrotld]
system_u:system_r:kernel_t:s0   root        47  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kmpath_rdacd]
system_u:system_r:kernel_t:s0   root        48  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kpsmoused]
system_u:system_r:kernel_t:s0   root        67  0.0  0.0      0     0 ?        S<   Nov17   0:00 [deferwq]
system_u:system_r:kernel_t:s0   root        94  0.0  0.0      0     0 ?        S    Nov17   0:00 [kauditd]
system_u:system_r:kernel_t:s0   root       245  0.0  0.0      0     0 ?        S<   Nov17   0:00 [ata_sff]
system_u:system_r:kernel_t:s0   root       246  0.0  0.0      0     0 ?        S    Nov17   0:00 [scsi_eh_0]
system_u:system_r:kernel_t:s0   root       249  0.0  0.0      0     0 ?        S    Nov17   0:00 [kworker/u4:2]
system_u:system_r:kernel_t:s0   root       252  0.0  0.0      0     0 ?        S<   Nov17   0:00 [scsi_tmf_0]
system_u:system_r:kernel_t:s0   root       254  0.0  0.0      0     0 ?        S    Nov17   0:00 [scsi_eh_1]
system_u:system_r:kernel_t:s0   root       255  0.0  0.0      0     0 ?        S<   Nov17   0:00 [scsi_tmf_1]
system_u:system_r:kernel_t:s0   root       259  0.0  0.0      0     0 ?        S<   Nov17   0:00 [ttm_swap]
system_u:system_r:kernel_t:s0   root       333  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kdmflush]
system_u:system_r:kernel_t:s0   root       334  0.0  0.0      0     0 ?        S<   Nov17   0:00 [bioset]
system_u:system_r:kernel_t:s0   root       341  0.0  0.0      0     0 ?        S<   Nov17   0:00 [kdmflush]
system_u:system_r:kernel_t:s0   root       342  0.0  0.0      0     0 ?        S<   Nov17   0:00 [bioset]
system_u:system_r:kernel_t:s0   root       355  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfsalloc]
system_u:system_r:kernel_t:s0   root       356  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs_mru_cache]
system_u:system_r:kernel_t:s0   root       357  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfslogd]
system_u:system_r:kernel_t:s0   root       358  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-data/dm-1]
system_u:system_r:kernel_t:s0   root       359  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-conv/dm-1]
system_u:system_r:kernel_t:s0   root       360  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-cil/dm-1]
system_u:system_r:kernel_t:s0   root       361  0.0  0.0      0     0 ?        S<   Nov17   0:02 [kworker/1:1H]
system_u:system_r:kernel_t:s0   root       362  0.0  0.0      0     0 ?        S    Nov17   0:09 [xfsaild/dm-1]
system_u:system_r:syslogd_t:s0  root       434  0.0  0.3  51184 11856 ?        Ss   Nov17   0:17 /usr/lib/systemd/systemd-journald
system_u:system_r:lvm_t:s0      root       438  0.0  0.0 115016  1528 ?        Ss   Nov17   0:00 /usr/sbin/lvmetad -f
system_u:system_r:kernel_t:s0   root       453  0.0  0.0      0     0 ?        S<   Nov17   0:00 [rpciod]
system_u:system_r:kernel_t:s0   root       484  0.0  0.0      0     0 ?        S    Nov17   0:00 [vballoon]
system_u:system_r:kernel_t:s0   root       524  0.0  0.0      0     0 ?        S<   Nov17   0:00 [hd-audio0]
system_u:system_r:kernel_t:s0   root       542  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-data/vda1]
system_u:system_r:kernel_t:s0   root       543  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-conv/vda1]
system_u:system_r:kernel_t:s0   root       544  0.0  0.0      0     0 ?        S<   Nov17   0:00 [xfs-cil/vda1]
system_u:system_r:kernel_t:s0   root       545  0.0  0.0      0     0 ?        S    Nov17   0:00 [xfsaild/vda1]
system_u:system_r:auditd_t:s0   root       551  0.0  0.0  51136   872 ?        S<sl Nov17   0:00 /sbin/auditd -n
system_u:system_r:avahi_t:s0    avahi      582  0.0  0.0  28068  1048 ?        Ss   Nov17   1:44 avahi-daemon: running [hp-dl380pgen8-02-vm-6.local]
system_u:system_r:NetworkManager_t:s0 root 583  0.0  0.1 451908  6232 ?        Ssl  Nov17   0:34 /usr/sbin/NetworkManager --no-daemon
system_u:system_r:irqbalance_t:s0 root     586  0.0  0.0  19112   768 ?        Ss   Nov17   0:12 /usr/sbin/irqbalance --foreground
system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 dbus 590 0.0  0.0 100680 1856 ? Ssl Nov17   0:07 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
system_u:system_r:avahi_t:s0    avahi      601  0.0  0.0  27944   168 ?        S    Nov17   0:00 avahi-daemon: chroot helper
system_u:system_r:getty_t:s0-s0:c0.c1023 root 608 0.0  0.0 110004 544 ttyS0    Ss+  Nov17   0:00 /sbin/agetty --keep-baud ttyS0 115200 38400 9600
system_u:system_r:getty_t:s0-s0:c0.c1023 root 609 0.0  0.0 110004 540 tty1     Ss+  Nov17   0:00 /sbin/agetty --noclear tty1
system_u:system_r:mdadm_t:s0    root       620  0.0  0.0   7828  1616 ?        Ss   Nov17   0:01 /sbin/iprinit --daemon
system_u:system_r:mdadm_t:s0    root       622  0.0  0.0   7828  1616 ?        Ss   Nov17   0:01 /sbin/iprupdate --daemon
system_u:system_r:mdadm_t:s0    root       632  0.0  0.0  39124    12 ?        Ss   Nov17   0:00 /sbin/iprdump --daemon
system_u:system_r:policykit_t:s0 polkitd   642  0.0  0.1 513992  4044 ?        Ssl  Nov17   0:00 /usr/lib/polkit-1/polkitd --no-debug
system_u:system_r:dhcpc_t:s0    root       662  0.0  0.3 102312 13232 ?        S    Nov17   0:00 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-eth0.pid -lf /var/lib/NetworkManager/dhclient-99372c8b-deab-432a-8ab3-675f19f08352-eth0.lease -cf /var/lib/NetworkManager/dhclient-eth0.conf eth0
system_u:system_r:rpcbind_t:s0  rpc        901  0.0  0.0  39900  1072 ?        Ss   Nov17   0:00 /sbin/rpcbind -w
system_u:system_r:rpcd_t:s0     rpcuser    923  0.0  0.0  44472  1476 ?        Ss   Nov17   0:00 /sbin/rpc.statd
system_u:system_r:sendmail_t:s0 root       952  0.0  0.0  92916  2512 ?        Ss   Nov17   0:09 sendmail: accepting connections
system_u:system_r:sshd_t:s0-s0:c0.c1023 root 996 0.0  0.0 82956  2144 ?        Ss   Nov17   0:00 /usr/sbin/sshd -D
system_u:system_r:sendmail_t:s0 smmsp     1047  0.0  0.0  88360  1940 ?        Ss   Nov17   0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
system_u:system_r:abrt_t:s0-s0:c0.c1023 root 2331 0.0  0.1 212120 5328 ?       Ss   Nov20   0:00 /usr/sbin/abrtd -d -s
system_u:system_r:cupsd_t:s0-s0:c0.c1023 root 2570 0.0  0.0 177876 3792 ?      Ss   Nov20   0:00 /usr/sbin/cupsd -f
system_u:system_r:kernel_t:s0   root      3047  0.0  0.0      0     0 ?        S<   Nov20   0:00 [bioset]
system_u:system_r:httpd_t:s0    root      3592  0.0  0.2 185760  9396 ?        Ss   Nov20   0:05 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:passenger_t:s0 root     3614  0.0  0.0 214752  1792 ?        Ssl  Nov20   0:00 PassengerWatchdog
system_u:system_r:passenger_t:s0 root     3617  0.2  0.1 1028984 4280 ?        Sl   Nov20   2:40 PassengerHelperAgent
system_u:system_r:passenger_t:s0 nobody   3623  0.0  0.0 219576  3840 ?        Sl   Nov20   0:00 PassengerLoggingAgent
system_u:system_r:httpd_t:s0    apache    3633  0.0  1.6 933356 65196 ?        Sl   Nov20   0:28 (wsgi:pulp)     -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3634  0.0  0.2 188308 10740 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3635  0.0  0.2 188340 10748 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3636  0.0  0.2 188236 10628 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3637  0.0  0.2 188360 10740 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3638  0.0  0.2 188404 10808 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3639  0.0  0.2 188336 10720 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3640  0.0  0.2 188308 10720 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    3641  0.0  0.2 188324 10724 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    4695  0.0  0.2 188324 10692 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    4709  0.0  0.2 188452 10852 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    4710  0.0  0.2 188240 10600 ?        S    Nov20   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:passenger_t:s0 puppet   5165  0.0  1.5 294900 59608 ?        Sl   Nov20   0:10 Passenger RackApp: /etc/puppet/rack
system_u:system_r:kernel_t:s0   root      6585  0.0  0.0      0     0 ?        S    Nov20   0:00 [kworker/0:0]
system_u:system_r:kernel_t:s0   root      7520  0.0  0.0      0     0 ?        S<   Nov17   0:01 [kworker/0:1H]
system_u:system_r:init_t:s0     foreman+  8447  0.0  1.6 472868 65840 ?        Sl   Nov20   0:14 ruby /usr/share/foreman-proxy/bin/smart-proxy
system_u:system_r:passenger_t:s0 foreman  9401  0.0  9.1 907632 354700 ?       Sl   Nov20   0:44 Passenger RackApp: /usr/share/foreman
system_u:system_r:postgresql_t:s0 postgres 9405 0.0  0.2 234580  8220 ?        Ss   Nov20   0:00 postgres: foreman foreman [local] idle
system_u:system_r:postgresql_t:s0 postgres 9547 0.0  0.4 237092 15616 ?        Ss   Nov20   0:01 postgres: foreman foreman [local] idle
system_u:system_r:init_t:s0     root      9933  0.0  0.4 262504 16384 ?        Ss   Nov17   0:00 /usr/bin/python /usr/bin/beah-srv
system_u:system_r:init_t:s0     root      9934  0.0  0.5 273988 21896 ?        Ss   Nov17   0:03 /usr/bin/python /usr/bin/beah-beaker-backend
system_u:system_r:init_t:s0     root      9935  0.0  0.3 245160 15280 ?        Ss   Nov17   0:00 /usr/bin/python /usr/bin/beah-fwd-backend
system_u:system_r:init_t:s0     root     10373  0.0  0.5 167044 20384 ?        S    Nov17   1:03 /usr/bin/python /usr/bin/beah-rhts-task
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 11515 0.0  0.1 133432 4864 ? Ds 01:27   0:00 sshd: root@pts/0
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 11521 0.0  0.0 115352 2024 pts/0 Ss 01:27   0:00 -bash
system_u:system_r:syslogd_t:s0  root     17739  0.0  0.2 303512 10808 ?        Ssl  Nov20   0:03 /usr/sbin/rsyslogd -n
system_u:system_r:tuned_t:s0    root     17776  0.0  0.4 549984 17380 ?        Ssl  Nov20   0:08 /usr/bin/python -Es /usr/sbin/tuned -l -P
system_u:system_r:crond_t:s0-s0:c0.c1023 root 17857 0.0  0.0 25928 936 ?       Ss   Nov20   0:00 /usr/sbin/atd -f
system_u:system_r:rhsmcertd_t:s0 root    17877  0.0  0.0 113280   700 ?        Ss   Nov20   0:00 /usr/bin/rhsmcertd
system_u:system_r:systemd_logind_t:s0 root 17908 0.0  0.0 34684  1624 ?        Ss   Nov20   0:01 /usr/lib/systemd/systemd-logind
system_u:system_r:kernel_t:s0   root     24470  0.0  0.0      0     0 ?        S    Nov20   0:00 [kworker/u4:1]
system_u:system_r:kernel_t:s0   root     27043  0.0  0.0      0     0 ?        R    04:30   0:00 [kworker/0:2]
system_u:system_r:httpd_t:s0    apache   28337  0.0  0.2 188192 10468 ?        S    05:03   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache   28341  0.0  0.2 188208 10572 ?        S    05:03   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache   28342  0.0  0.2 188216 10568 ?        S    05:03   0:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:initrc_t:s0   elastic+ 28599  0.2  5.1 1723788 201176 ?      Sl   Nov20   3:48 java -Xms256m -Xmx256m -Xss256k -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Delasticsearch -Des.pidfile=/var/run/elasticsearch/elasticsearch.pid -Des.path.home=/usr/share/java/elasticsearch -cp :/usr/share/java/elasticsearch/lib/elasticsearch-0.90.10.jar:/usr/share/java/lucene4-core.jar:/usr/share/java/lucene4-contrib/*:/usr/share/java/sigar/sigar.jar -Des.config=/etc/elasticsearch/elasticsearch.yml -Des.path.conf=/etc/elasticsearch -Des.path.home=/usr/share/java/elasticsearch -Des.path.logs=/var/log/elasticsearch -Des.path.data=/var/lib/elasticsearch -Des.path.work=/tmp/elasticsearch -Des.path.plugins=/usr/share/java/elasticsearch/plugins org.elasticsearch.bootstrap.ElasticSearch
system_u:system_r:ntpd_t:s0     ntp      28808  0.0  0.0  29360  1424 ?        Ss   Nov20   0:03 /usr/sbin/ntpd -u ntp:ntp -g
system_u:system_r:passenger_t:s0 foreman 29184  1.4  7.1 1215032 277696 ?      Sl   05:17   0:51 dynflow_executor
system_u:system_r:postgresql_t:s0 postgres 29209 0.0  0.2 234632 8824 ?        Ss   05:18   0:01 postgres: foreman foreman [local] idle
system_u:system_r:postgresql_t:s0 postgres 29216 0.0  0.1 234576 7692 ?        Ss   05:18   0:00 postgres: foreman foreman [local] idle
system_u:system_r:postgresql_t:s0 postgres 29218 0.0  0.1 234576 6944 ?        Ss   05:18   0:00 postgres: foreman foreman [local] idle
system_u:system_r:crond_t:s0-s0:c0.c1023 root 29231 0.0  0.0 126332 1656 ?     Ss   Nov20   0:01 /usr/sbin/crond -n
system_u:system_r:postgresql_t:s0 postgres 29238 0.0  0.2 232552 9048 ?        S    Nov20   0:02 /usr/bin/postgres -D /var/lib/pgsql/data -p 5432
system_u:system_r:postgresql_t:s0 postgres 29239 0.0  0.0 192296 1876 ?        Ss   Nov20   0:00 postgres: logger process   
system_u:system_r:postgresql_t:s0 postgres 29241 0.0  0.4 232792 17100 ?       Ss   Nov20   0:01 postgres: checkpointer process   
system_u:system_r:postgresql_t:s0 postgres 29242 0.0  0.0 232552 2132 ?        Ss   Nov20   0:00 postgres: writer process   
system_u:system_r:postgresql_t:s0 postgres 29243 0.0  0.0 232552 2308 ?        Ss   Nov20   0:00 postgres: wal writer process   
system_u:system_r:postgresql_t:s0 postgres 29244 0.0  0.0 233688 3392 ?        Ss   Nov20   0:02 postgres: autovacuum launcher process   
system_u:system_r:postgresql_t:s0 postgres 29245 0.0  0.0 192692 2224 ?        Ss   Nov20   0:07 postgres: stats collector process   
system_u:system_r:udev_t:s0-s0:c0.c1023 root 29264 0.0  0.0 44232 3332 ?       Ss   Nov20   0:00 /usr/lib/systemd/systemd-udevd
system_u:system_r:mongod_t:s0   mongodb  29472  0.3  1.1 696436 43448 ?        Sl   Nov20   5:17 /usr/bin/mongod --quiet -f /etc/mongodb.conf run
system_u:system_r:init_t:s0     root     30056  0.0  1.2 259008 47640 ?        Ssl  Nov20   0:03 /usr/bin/ruby /usr/bin/puppet agent  --no-daemonize
system_u:system_r:postgresql_t:s0 postgres 30322 0.0  0.2 234844 7900 ?        Ss   05:43   0:00 postgres: candlepin candlepin 127.0.0.1(57699) idle
system_u:system_r:kernel_t:s0   root     30381  0.0  0.0      0     0 ?        S    05:44   0:00 [kworker/1:0]
system_u:system_r:qpidd_t:s0    qpidd    30832  0.1  1.1 352640 42908 ?        Ssl  Nov20   2:26 /usr/sbin/qpidd --config /etc/qpid/qpidd.conf
system_u:system_r:tomcat_t:s0   tomcat   31021  0.3  8.6 2521024 337632 ?      Sl   Nov20   4:09 java -classpath /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
system_u:system_r:postgresql_t:s0 postgres 31070 0.0  0.2 235172 8660 ?        Ss   Nov20   0:00 postgres: candlepin candlepin 127.0.0.1(38651) idle
system_u:system_r:kernel_t:s0   root     31415  0.0  0.0      0     0 ?        S    06:05   0:00 [kworker/1:1]
system_u:system_r:postgresql_t:s0 postgres 31421 0.0  0.1 235032 7216 ?        Ss   06:05   0:00 postgres: candlepin candlepin 127.0.0.1(58125) idle
system_u:system_r:postgresql_t:s0 postgres 31422 0.0  0.1 234848 7560 ?        Ss   06:05   0:00 postgres: candlepin candlepin 127.0.0.1(58126) idle
system_u:system_r:postgresql_t:s0 postgres 31423 0.0  0.1 234848 7576 ?        Ss   06:05   0:00 postgres: candlepin candlepin 127.0.0.1(58127) idle
system_u:system_r:postgresql_t:s0 postgres 31424 0.0  0.1 234848 7504 ?        Ss   06:05   0:00 postgres: candlepin candlepin 127.0.0.1(58128) idle
system_u:system_r:kernel_t:s0   root     31563  0.0  0.0      0     0 ?        S    06:10   0:00 [kworker/1:2]
system_u:system_r:celery_t:s0   apache   31620  0.5  0.6 696172 26880 ?        Ssl  Nov20   8:05 /usr/bin/python /usr/bin/celery beat --scheduler=pulp.server.async.scheduler.Scheduler
system_u:system_r:celery_t:s0   apache   31685  0.2  1.3 640224 51356 ?        Ssl  Nov20   3:27 /usr/bin/python /usr/bin/celery worker -A pulp.server.async.app -n resource_manager@%h -Q resource_manager -c 1 --events --umask 18
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 31709 0.0  0.0 130184 1448 pts/0 R+ 06:14   0:00 ps axuwwwZ
system_u:system_r:celery_t:s0   apache   31747  0.2  1.3 640184 51396 ?        Ssl  Nov20   3:25 /usr/bin/python /usr/bin/celery worker -n reserved_resource_worker-0@%h -A pulp.server.async.app -c 1 --events --umask 18
system_u:system_r:celery_t:s0   apache   31749  0.2  1.2 640224 49248 ?        Ssl  Nov20   3:23 /usr/bin/python /usr/bin/celery worker -n reserved_resource_worker-1@%h -A pulp.server.async.app -c 1 --events --umask 18
system_u:system_r:celery_t:s0   apache   31780  0.0  1.0 415820 40964 ?        S    Nov20   0:00 /usr/bin/python /usr/bin/celery worker -A pulp.server.async.app -n resource_manager@%h -Q resource_manager -c 1 --events --umask 18
system_u:system_r:celery_t:s0   apache   31828  0.0  1.0 417184 42452 ?        S    Nov20   0:00 /usr/bin/python /usr/bin/celery worker -n reserved_resource_worker-0@%h -A pulp.server.async.app -c 1 --events --umask 18
system_u:system_r:celery_t:s0   apache   31846  0.0  1.0 415952 41248 ?        S    Nov20   0:00 /usr/bin/python /usr/bin/celery worker -n reserved_resource_worker-1@%h -A pulp.server.async.app -c 1 --events --umask 18
system_u:system_r:passenger_t:s0 foreman 32383  0.0  2.7 538456 107888 ?       Sl   Nov20   0:00 dynflow_executor_monitor
[root@hp-dl380pgen8-02-vm-6 ~]# foreman-selinux-relabel -nv
/sbin/restorecon reset /usr/share/foreman/config/hooks context system_u:object_r:bin_t:s0->system_u:object_r:foreman_hook_t:s0
/sbin/restorecon reset /etc/foreman context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/database.yml context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/email.yaml context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/plugins context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/plugins/katello context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/plugins/katello/client.conf context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/plugins/katello.yaml context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/settings.yaml context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/encryption_key.rb context unconfined_u:object_r:etc_t:s0->unconfined_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/client_cert.pem context unconfined_u:object_r:etc_t:s0->unconfined_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/client_key.pem context system_u:object_r:etc_t:s0->system_u:object_r:foreman_config_t:s0
/sbin/restorecon reset /etc/foreman/proxy_ca.pem context unconfined_u:object_r:etc_t:s0->unconfined_u:object_r:foreman_config_t:s0

Comment 16 Tazim Kolhar 2014-11-21 11:26:02 UTC

Created attachment 959659 [details]
foreman-debug

Comment 17 Bryan Kearney 2015-08-11 13:22:41 UTC

This bug is slated to be released with Satellite 6.1.

Comment 18 errata-xmlrpc 2015-08-12 05:15:02 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1592

Note You need to log in before you can comment on or make changes to this bug.