Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1346161 - avc check is reporting same AVC for multiple tests
Summary: avc check is reporting same AVC for multiple tests
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Restraint
Classification: Retired
Component: general
Version: 0.1.24
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: 0.1.25
Assignee: Bill Peck
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-14 06:54 UTC by Jan Stancek
Modified: 2016-08-26 04:50 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-26 04:50:04 UTC


Attachments (Terms of Use)

Description Jan Stancek 2016-06-14 06:54:14 UTC
Description of problem:
AVC check is reporting the same exact AVC in all tasks. For example:

At 2016-06-14 01:07:17 +02:00 a task reports
---------------------------------------------
time->Mon Jun 13 23:06:20 2016
type=SYSCALL msg=audit(1465873580.583:35): arch=c000003e syscall=2 success=no exit=-13 a0=7f9f016453d0 a1=c2 a2=1b6 a3=3 items=0 ppid=1 pid=813 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1465873580.583:35): avc:  denied  { create } for  pid=813 comm="NetworkManager" name="resolv.conf.FJ0PIY" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
----

and then ~dozen tasks later at 2016-06-14 03:11:11 +02:00
----------------------------------------------------------
time->Mon Jun 13 23:06:20 2016
type=SYSCALL msg=audit(1465873580.583:35): arch=c000003e syscall=2 success=no exit=-13 a0=7f9f016453d0 a1=c2 a2=1b6 a3=3 items=0 ppid=1 pid=813 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1465873580.583:35): avc:  denied  { create } for  pid=813 comm="NetworkManager" name="resolv.conf.FJ0PIY" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file

Version-Release number of selected component (if applicable):


How reproducible:
high with RHEL-7.3-20160609.n.0

Steps to Reproduce:
run KT1 job with RHEL-7.3-20160609.n.0

Actual results:
same AVC is reported for each task

Expected results:
AVC is reported just once

Additional info:

Comment 2 Jan Stancek 2016-06-14 07:59:24 UTC
It's the "AVC from future" problem. Adding beah/rhts BZ for reference:
  Bug 795831 - AVC subtest provide incorrect results on RHEL7
  https://github.com/beaker-project/rhts/commit/cb377e1d

Comment 3 Bill Peck 2016-06-17 13:26:10 UTC
http://gerrit.beaker-project.org/4997

Comment 4 Dan Callaghan 2016-08-26 04:50:04 UTC
Fixed in 0.1.25.


Note You need to log in before you can comment on or make changes to this bug.