Bug 1375675 - atomic run sadc: Unauthorized SELinux unlabeled_t /etc/cron.d/sysstat
Summary: atomic run sadc: Unauthorized SELinux unlabeled_t /etc/cron.d/sysstat
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sadc-container
Version: 7.2
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Jeremy Eder
QA Contact: atomic-bugs@redhat.com
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-13 16:24 UTC by Chris Evich
Modified: 2018-09-06 12:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-06 12:11:28 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2639 0 normal SHIPPED_LIVE Red Hat Enterprise Linux Atomic sadc 7.3 Container Image Update 2016-11-03 21:22:37 UTC

Description Chris Evich 2016-09-13 16:24:06 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
registry.access.../rhel7/sadc 7.2-22 e28c21c5642b

How reproducible:
100%

Steps to Reproduce:
1. Update/Rebase RHELAH to 7.2.7
2. atomic install registry.access.../rhel7/sadc:7.2-22
3. atomic run registry.access.../rhel7/sadc:7.2-22

Actual results:
(from logs)
Sep 13 11:22:01 localhost.localdomain crond[747]: ((null)) Unauthorized SELinux context=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 file_context=system_u:object_r:unlabeled_t:s0 (/etc/cron.d/sysstat)
...cut...
Sep 13 11:22:01 localhost.localdomain crond[747]: (root) FAILED (loading cron table)

Expected results:
Sep 13 11:27:33 localhost.localdomain systemd[1]: Reloaded Command Scheduler.
...cut...
Sep 13 11:30:01 localhost.localdomain CROND[13748]: (root) CMD (docker exec -d sadc /usr/lib64/sa/sa1 1 1)

Additional info:
# ls -laZ /etc/cron.d/sysstat /etc/sysconfig/sysstat /etc/sysconfig/sysstat.ioconf /usr/local/bin/sysstat.sh
-rw-r--r--. root root system_u:object_r:unlabeled_t:s0 /etc/cron.d/sysstat
-rw-r--r--. root root system_u:object_r:unlabeled_t:s0 /etc/sysconfig/sysstat
-rw-r--r--. root root system_u:object_r:unlabeled_t:s0 /etc/sysconfig/sysstat.ioconf
-rwxr-xr-x. root root system_u:object_r:unlabeled_t:s0 /usr/local/bin/sysstat.sh

# fixfiles relabel /etc/cron.d/sysstat /etc/sysconfig/sysstat /etc/sysconfig/sysstat.ioconf /usr/local/bin/sysstat.sh
...cut...
# ls -laZ /etc/cron.d/sysstat /etc/sysconfig/sysstat /etc/sysconfig/sysstat.ioconf /usr/local/bin/sysstat.sh
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/sysstat
-rw-r--r--. root root system_u:object_r:etc_t:s0       /etc/sysconfig/sysstat
-rw-r--r--. root root system_u:object_r:etc_t:s0       /etc/sysconfig/sysstat.ioconf
-rwxr-xr-x. root root system_u:object_r:var_t:s0       /usr/local/bin/sysstat.sh

# systemctl reload crond
(expected results logged)
Comment 4 Frantisek Kluknavsky 2018-09-06 12:11:28 UTC 
not closed by mistake
Note You need to log in before you can comment on or make changes to this bug.