Hide Forgot
Description of problem: Running the Cockpit integration tests triggers these messages occasionally: type=1400 audit(1454848791.816:4): avc: denied { append } for pid=1833 comm="rhsmcertd-worke" name="rhsm.log" dev="vda3" ino=25411401 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file type=1400 audit(1454848792.184:5): avc: denied { append } for pid=1835 comm="rhsmcertd-worke" name="rhsm.log" dev="vda3" ino=25411401 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file Version-Release number of selected component (if applicable): subscription-manager-1.15.9-15.el7.x86_64 selinux-policy-targeted-3.13.1-60.el7.noarch
I initially reported that this happens on RHEL Atomic, but it actually happens on non-atomic RHEL. Sorry for the confusion.
If this is not a selinux policy fix, please re-route back to subscription-manager with instructions on what we need to fix. Thanks
The rhsm.log file is mislabeled. Following command should fix it: # restorecon -v /path/to/rhsm.log Was SELinux enabled when the file was created ?
(In reply to Milos Malik from comment #4) > Was SELinux enabled when the file was created ? I think so. # ls -Z /var/log/rhsm/rhsm.log -rw-r--r--. root root unconfined_u:object_r:rhsmcertd_log_t:s0 /var/log/rhsm/rhsm.log I don't know when it is created. I don't have a reliable way to reproduce this error, unforuntaly. It happens very rarely. After removing the file I wasn't able to provoke its recreation via "systemctl restart rhsmcertd", for example.