Bug 1404562 - [SELinux] [Eventing]: gluster-eventsapi shows a traceback while adding a webhook
Summary: [SELinux] [Eventing]: gluster-eventsapi shows a traceback while adding a webhook
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.9
Hardware: All
OS: Linux
urgent
high
Target Milestone: rc
: ---
Assignee: Lukas Vrabec
QA Contact: Milos Malik
Mirek Jahoda
URL:
Whiteboard:
Depends On: 1404152
Blocks: 1409482
TreeView+ depends on / blocked
 
Reported: 2016-12-14 06:33 UTC by Sweta Anandpara
Modified: 2017-03-21 09:50 UTC (History)
16 users (show)

Fixed In Version: selinux-policy-3.7.19-307.el6
Doc Type: Bug Fix
Doc Text:
A missing SELinux rule was previously causing errors when adding a webhook using the gluster-eventsapi command. The rule to allow "glusterd_t" domain binds on glusterd UDP port has been added, and adding a webhook using gluster-eventsapi now works properly.
Clone Of: 1379963
: 1409482 (view as bug list)
Environment:
Last Closed: 2017-03-21 09:50:01 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:0627 0 normal SHIPPED_LIVE selinux-policy bug fix update 2017-03-21 12:29:23 UTC

Comment 1 Milos Malik 2016-12-14 08:29:28 UTC 
SELinux policy developers need to see the AVC which appear on RHEL-6. It won't be the same AVC as on RHEL-7, because unconfined_service_t is not defined in RHEL-6.
Comment 5 Sweta Anandpara 2016-12-15 05:45:01 UTC 
This is the avc generated in rhel6.8 machines:

type=AVC msg=audit(1481780470.788:890289): avc:  denied  { signal } for  pid=22888 comm="python" scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=process
type=SYSCALL msg=audit(1481780470.788:890289): arch=c000003e syscall=62 success=no exit=-13 a0=6a59 a1=c a2=1 a3=7ffc1e6768f8 items=0 ppid=25347 pid=22888 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=42645 comm="python" exe="/usr/bin/python" subj=unconfined_u:system_r:glusterd_t:s0 key=(null)
Comment 11 errata-xmlrpc 2017-03-21 09:50:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0627.html
Note You need to log in before you can comment on or make changes to this bug.