Created attachment 1227674 [details] /var/log; /tmp; sosreport Description of problem: [RHVH 4.0.6] avc denied errors (dev="tmpfs") in audit.log after upgrade # imgbase layout rhvh-4.0-0.20161116.0 +- rhvh-4.0-0.20161116.0+1 rhvh-4.0-0.20161130.0 +- rhvh-4.0-0.20161130.0+1 Version-Release number of selected component (if applicable): redhat-virtualization-host-4.0-20161116.1 imgbased-0.8.10-0.1.el7ev.noarch redhat-virtualization-host-4.0-20161130.0 imgbased-0.8.10-0.1.el7ev.noarch How reproducible: 100% Steps to Reproduce: 1. Install redhat-virtualization-host-4.0-20161116.1 via interactive anaconda. 2. Login RHVH and setup local repos 3. Upgrade RHVH from the old version to redhat-virtualization-host-4.0-20161130.0 4. Reboot and login the new build. 5. grep "avc: denied" /var/log/audit/audit.log Actual results: After step5, avc denied errors (dev="tmpfs") in audit.log after upgrade grep "avc: denied" /var/log/audit/audit.log type=AVC msg=audit(1480665183.943:621): avc: denied { write } for pid=21818 comm="rpc.statd" path="/run/rpc.statd.lock" dev="tmpfs" ino=51145 scontext=system_u:system_r:rpcd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file Expected results: No avc denied errors in audit.log. Additional info: No such issue on clean RHVH(no update) 4.0.6 build.
Does this denial also appear on RHEL-H?
(In reply to Fabian Deutsch from comment #1) > Does this denial also appear on RHEL-H? No such issue on RHEL-H.
I can't reproduce this. Were any additional steps taken?
I threw a patch at this, but I can't verify this without a reproducer.
(In reply to Ryan Barry from comment #3) > I can't reproduce this. Were any additional steps taken? Hi Ryan, After double check, the registration step is must. Let me correct the steps. 1. Install redhat-virtualization-host-4.0-20161116.1 via interactive anaconda. 2. Register RHVH to RHVM. 2. Login RHVH and setup local repos 3. Upgrade RHVH from the old version to redhat-virtualization-host-4.0-20161130.0 4. Reboot and login the new build. 5. grep "avc: denied" /var/log/audit/audit.log
I'm still not able to reproduce this. I'll put up a test build later today for QE verification. Steps taken: 1. Install redhat-virtualization-host-4.0-20161116.1 via interactive anaconda. 2. Register RHVH to RHVM. 3. Login RHVH and setup local repos 4. Upgrade RHVH from the old version to redhat-virtualization-host-4.0-20161130.0 5. Reboot and login the new build. 6. grep "avc: denied" /var/log/audit/audit.log No messages. I waited about 60 minutes before commenting here just to make sure nothing came up. Were any other steps taken? Attaching to storage? Setting up networks? Adding VMs?
Is any NFS functionality impacted? Could you please test a simple flow with a NFS SD?
(In reply to Fabian Deutsch from comment #8) > Is any NFS functionality impacted? Could you please test a simple flow with > a NFS SD? It seems no effect during my testing. After two days testing, I can't reproduce this issue anymore. Test scenarios 1: 1. Install RHVH old version. 2. Register RHVH to RHVM. 3. Attaching to storage 4. Adding VMs 5. Yum update to the latest RHVH. Test result: Pass without AVC error. Test scenarios 2: 1. Install RHVH old version. 2. Yum update to the latest RHVH. 3. Register RHVH to RHVM. 4. Attaching to storage 5. Adding VMs Test result: Pass without AVC error. Test scenarios 3: 1. Install RHVH old version. 2. Register RHVH to RHVM. 3. Attaching to storage 4. Adding VMs 5. Upgrade to the latest RHVH via RHVM. Test result: Pass without AVC error. Test scenarios 4: Repeat scenario 3 with bond+vlan env. Test result: Pass without AVC error.
Moving this out for now according to comment 9
chen, could you take a look at this bug if we can not reproduce this bug on latest 4.0.z build and 4.1 build, we probably consider to close it.
(In reply to Ying Cui from comment #11) > chen, could you take a look at this bug if we can not reproduce this bug on > latest 4.0.z build and 4.1 build, we probably consider to close it. After repeated testing, the bug can't be reproduce anymore on latest 4.0.z(redhat-virtualization-host-4.0-20170104.1 ) build and 4.1(redhat-virtualization-host-4.1-20160116.0) build. So close this bug as WORKSFORME. Fell free to re-open this bug if can reproduce it again in the future.