Created attachment 1073533 [details] avc.tar.gz Description of problem: After RHEVH installed,there are AVC denied errors in audit.log. Version: rhev-hypervisor6-6.7-20150911.0.el6ev ovirt-node-3.2.3-20.el6.noarch selinux-policy-3.7.19-279.el6_7.5.noarch + rhev-hypervisor7-7.1-20150911.0.el6ev ovirt-node-3.2.3-20.el7.noarch selinux-policy-3.13.1-23.el7_1.17.noarch How reproducible: 100% Steps to Reproduce: 1.RHEV-H installed successful. selinux in enforcing mode as default. 2.Login to rhevh, rhev-hypervisor6-6.7-20150911.0.el6ev # grep "avc: denied" /var/log/audit/audit.log type=AVC msg=audit(1442297840.266:191555): avc: denied { signull } for pid=4411 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process rhev-hypervisor7-7.1-20150911.0.el6ev # grep "avc: denied" /var/log/audit/audit.log type=AVC msg=audit(1442220371.841:628): avc: denied { signull } for pid=19746 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process type=AVC msg=audit(1442297821.262:7760): avc: denied { signull } for pid=12159 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process type=AVC msg=audit(1442298766.021:7898): avc: denied { signull } for pid=13324 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process Actual results: AVC msgs in audit.log Expected results: No avc denied errors in audit.log. Additional info:
Test version: rhev-hypervisor7-7.2-20151025.0.el7ev ovirt-node-3.3.0-0.18.20151022git82dc52c.el7ev.noarch selinux-policy-3.13.1-60.el7.noarch Test steps: 1.RHEV-H installed successful. selinux in enforcing mode as default. 2.Login to rhevh, 3. Run command: #grep "avc: denied" /var/log/audit/audit.log Test result: No avc denied errors in audit.log. So the bug is fixed, change bug status to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0378.html