Description of problem: user_avc seen in audit logs while nfs-ganesha configuration. Version-Release number of selected component (if applicable): 3.7.9-1 How reproducible: Always Steps to Reproduce: 1.Install a 4 node cluster. 2.Configure and setup nfs-ganesha on the cluster 3.Observed below user_avc in audit.log, however It doesn't hamper any functionality as of now type=USER_AVC msg=audit(1459157156.191:3548): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=n/a uid=0 gid=0 cmdline="systemctl is-enabled corosync pacemaker pcsd" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=system exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? Terminal=?' Actual results: user_avc seen in audit logs while nfs-ganesha configuration. Expected results: Should not be seen Additional info:
Selinux version: [root@dhcp46-247 ganesha]# rpm -qa|grep selinux selinux-policy-targeted-3.13.1-60.el7.noarch selinux-policy-3.13.1-60.el7.noarch
There are no AVC's seen related to pcs,pacemaker,corosync or ganesha as mentioned in bz description on configuring gnaesha on rhel7.3 based layered install. nfs-ganesha-2.4.1-1.el7rhgs.x86_64 nfs-ganesha-gluster-2.4.1-1.el7rhgs.x86_64 glusterfs-ganesha-3.8.4-5.el7rhgs.x86_64 selinux-policy-3.13.1-102.el7_3.4.noarch selinux-policy-targeted-3.13.1-102.el7_3.4.noarch Will verify once with the ISO installation and will update the BZ.
Verified with ISO installation from RHGS3.1.3 upgraded to 3.2 bits and with latest SELinux policy build. Moving the BZ to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2017-0493.html