Bug 1157232
| Summary: | AVC errors on staypuft server - RHEL 6.6 | | |
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Ofer Blaut <oblaut> |
| Component: | foreman-selinux | Assignee: | Lukas Zapletal <lzap> |
| Status: | CLOSED DUPLICATE | QA Contact: | Ami Jeain <ajeain> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 5.0 (RHEL 6) | CC: | ahirshbe, mburns, oblaut, rhos-maint, sasha, yeylon |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-10-28 12:26:39 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Reproduced with liveCD - rhel6.5:
rhel-osp-installer-0.4.5-2.el6ost.noarch
ruby193-rubygem-staypuft-0.4.10-1.el6ost.noarch
ruby193-rubygem-foreman_openstack_simplify-0.0.6-8.el6ost.noarch
openstack-foreman-installer-2.0.31-1.el6ost.noarch
openstack-puppet-modules-2014.1-24.el6ost.noarch
[root@livecd ~]# grep -ir avc /var/log/*
/var/log/messages:Oct 27 13:11:04 livecd kernel: type=1400 audit(1414429851.360:5): avc: denied { read } for pid=1431 comm="load_policy" path=2F746D702F73682D7468642D31343134343237353330202864656C6574656429 dev=dm-3 ino=121840 scontext=system_u:system_r:load_policy_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
/var/log/messages:Oct 27 13:11:04 livecd kernel: type=1400 audit(1414429856.680:7): avc: denied { sys_tty_config } for pid=1688 comm="alsaunmute" capability=26 scontext=system_u:system_r:alsa_t:s0 tcontext=system_u:system_r:alsa_t:s0 tclass=capability
/var/log/messages:Oct 27 13:11:06 livecd kernel: type=1400 audit(1414429866.129:8): avc: denied { create } for pid=2097 comm="dbus-daemon" name="system_bus_socket" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:11:06 livecd kernel: type=1400 audit(1414429866.129:9): avc: denied { setattr } for pid=2097 comm="dbus-daemon" name="system_bus_socket" dev=tmpfs ino=18853 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:11:08 livecd kernel: type=1400 audit(1414429868.754:10): avc: denied { create } for pid=2144 comm="cupsd" name="cups" scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
/var/log/messages:Oct 27 13:11:08 livecd kernel: type=1400 audit(1414429868.754:11): avc: denied { setattr } for pid=2144 comm="cupsd" name="cups" dev=tmpfs ino=19387 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
/var/log/messages:Oct 27 13:11:09 livecd kernel: type=1400 audit(1414429869.071:12): avc: denied { create } for pid=2144 comm="cupsd" name="cups.sock" scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:11:09 livecd kernel: type=1400 audit(1414429869.071:13): avc: denied { setattr } for pid=2144 comm="cupsd" name="cups.sock" dev=tmpfs ino=19394 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:11:09 livecd kernel: type=1400 audit(1414429869.265:14): avc: denied { write } for pid=2169 comm="hald" name="system_bus_socket" dev=tmpfs ino=18853 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:11:17 livecd kernel: type=1400 audit(1414429877.534:15): avc: denied { write } for pid=2474 comm="gdm-binary" name="system_bus_socket" dev=tmpfs ino=18853 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:11:17 livecd kernel: type=1400 audit(1414429877.546:16): avc: denied { create } for pid=2474 comm="gdm-binary" name="gdm" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
/var/log/messages:Oct 27 13:11:17 livecd kernel: type=1400 audit(1414429877.546:17): avc: denied { setattr } for pid=2474 comm="gdm-binary" name="gdm" dev=tmpfs ino=20870 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
/var/log/messages:Oct 27 13:11:20 livecd kernel: type=1400 audit(1414429880.611:18): avc: denied { sys_tty_config } for pid=2515 comm="rm" capability=26 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:system_r:passenger_t:s0 tclass=capability
/var/log/messages:Oct 27 13:11:28 livecd kernel: type=1400 audit(1414429888.682:19): avc: denied { write } for pid=2533 comm="console-kit-dae" name="system_bus_socket" dev=tmpfs ino=18853 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:11:28 livecd kernel: type=1400 audit(1414429888.686:20): avc: denied { create } for pid=2533 comm="console-kit-dae" name="ConsoleKit" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
/var/log/messages:Oct 27 13:11:41 livecd kernel: type=1400 audit(1414429901.810:21): avc: denied { write } for pid=2661 comm="rtkit-daemon" name="system_bus_socket" dev=tmpfs ino=18853 scontext=system_u:system_r:rtkit_daemon_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:11:42 livecd kernel: type=1400 audit(1414429902.053:22): avc: denied { write } for pid=2656 comm="polkitd" name="system_bus_socket" dev=tmpfs ino=18853 scontext=system_u:system_r:policykit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:11:44 livecd kernel: type=1400 audit(1414429904.054:23): avc: denied { write } for pid=2659 comm="pulseaudio" name="system_bus_socket" dev=tmpfs ino=18853 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:12:14 livecd kernel: type=1400 audit(1414429934.147:24): avc: denied { write } for pid=2834 comm="gnome-clock-app" name="system_bus_socket" dev=tmpfs ino=18853 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:47:23 livecd kernel: type=1400 audit(1414432043.954:25): avc: denied { write } for pid=3913 comm="nmcli" name="system_bus_socket" dev=tmpfs ino=18853 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
/var/log/messages:Oct 27 13:48:42 livecd kernel: type=1400 audit(1414432122.504:26): avc: denied { create } for pid=4089 comm="named" name="named" scontext=unconfined_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=dir
/var/log/messages:Oct 27 13:48:42 livecd kernel: type=1400 audit(1414432122.504:27): avc: denied { setattr } for pid=4089 comm="named" name="named" dev=tmpfs ino=27655 scontext=unconfined_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=dir
/var/log/messages:Oct 27 09:52:21 livecd kernel: type=1400 audit(1414417941.400:28): avc: denied { getattr } for pid=6115 comm="PassengerHelper" path="/var/run/foreman/restart.txt" dev=tmpfs ino=34564 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
/var/log/messages:Oct 27 09:52:24 livecd kernel: type=1400 audit(1414417944.676:29): avc: denied { getattr } for pid=6035 comm="PassengerHelper" path="/var/run/foreman/restart.txt" dev=tmpfs ino=34564 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
/var/log/messages:Oct 27 09:56:21 livecd kernel: type=1400 audit(1414418181.787:30): avc: denied { read } for pid=6597 comm="ruby" name="ssl_certificate" dev=tmpfs ino=39653 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
/var/log/messages:Oct 27 09:56:21 livecd kernel: type=1400 audit(1414418181.787:31): avc: denied { open } for pid=6597 comm="ruby" name="ssl_certificate" dev=tmpfs ino=39653 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
/var/log/messages:Oct 27 09:56:21 livecd kernel: type=1400 audit(1414418181.787:32): avc: denied { ioctl } for pid=6597 comm="ruby" path="/var/run/foreman/cache/635/270/ssl_certificate" dev=tmpfs ino=39653 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
/var/log/messages:Oct 27 09:58:51 livecd kernel: type=1400 audit(1414418331.935:33): avc: denied { unlink } for pid=8236 comm="ruby" name="Default_variables_Lookup_Path" dev=tmpfs ino=42596 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
*** This bug has been marked as a duplicate of bug 1047517 ***

Created attachment 950780: avc log

Description of problem:
There are AVCs on Staypuft server (attached logs)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. install staypuft server
2. grep -ir avc /var/log/*
3.

Actual results:

Expected results:

Additional info:
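
Added example (not part of the original bug report): a Python triage script for `grep -ir avc` output like the one above. It parses each kernel AVC denial, decodes hex-encoded `path=` values such as the one in the `load_policy` denial, and groups the denied permissions by source type, target type and object class. The sample lines are copied from the report with the syslog prefix trimmed; the function names `parse_avc` and `summarize` are this example's own.

```python
import re
from collections import defaultdict

# Sample lines copied from the report's grep output (syslog prefix trimmed).
SAMPLE = """\
type=1400 audit(1414429851.360:5): avc: denied { read } for pid=1431 comm="load_policy" path=2F746D702F73682D7468642D31343134343237353330202864656C6574656429 dev=dm-3 ino=121840 scontext=system_u:system_r:load_policy_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
type=1400 audit(1414418181.787:30): avc: denied { read } for pid=6597 comm="ruby" name="ssl_certificate" dev=tmpfs ino=39653 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
type=1400 audit(1414418181.787:31): avc: denied { open } for pid=6597 comm="ruby" name="ssl_certificate" dev=tmpfs ino=39653 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
type=1400 audit(1414429866.129:8): avc: denied { create } for pid=2097 comm="dbus-daemon" name="system_bus_socket" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, val in KV_RE.findall(m.group("rest")):
        if val.startswith('"'):
            val = val.strip('"')
        elif key in ("path", "name", "comm") and re.fullmatch(r"(?:[0-9A-F]{2})+", val):
            # The audit subsystem hex-encodes untrusted strings that contain
            # spaces or control characters; decode them for the analyst.
            val = bytes.fromhex(val).decode("utf-8", "replace")
        rec[key] = val
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    # An SELinux context is user:role:type:level; policy rules key on the type.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(text):
    """Group denials as {(source type, target type, class): set of perms}."""
    groups = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            groups[(rec["stype"], rec["ttype"], rec.get("tclass"))].update(rec["perms"])
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
```

Grouping this way shows at a glance that several confined domains are being denied access to objects labelled with the generic `var_run_t` type, which usually points to a labelling problem on the tmpfs-backed `/var/run` rather than a missing allow rule per daemon.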