Created attachment 1234261
/var/log/*.*; /tmp/log; sosreport;

Description of problem:
After RHEVH installed, there are AVC denied errors (dev="tmpfs") in audit.log.

type=AVC msg=audit(1482319168.924:51): avc: denied { read } for pid=1998 comm="iptables" name="xtables.lock" dev="tmpfs" ino=23877 scontext=system_u:system_r:iptables_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file

Version:
rhev-hypervisor7-7.2-20161220.0
ovirt-node-3.6.1-15.0.el7ev.noarch
selinux-policy-3.13.1-60.el7_2.9.noarch

How reproducible:
100%

Steps to Reproduce:
1. RHEV-H installed successfully. selinux in enforcing mode as default.
2. Login to rhevh, # grep "avc: denied" /var/log/audit/audit.log

Actual results:
AVC msgs in audit.log

Expected results:
No avc denied errors in audit.log.
The only package changed here was the kernel, so I'd be somewhat surprised if this was new. Can this be reproduced on 3.6.10? If not, I'd suggest that we close this once 3.6.10
(In reply to Ryan Barry from comment #1)
> The only package changed here was the kernel, so I'd be somewhat surprised
> if this was new.
>
> Can this be reproduced on 3.6.10? If not, I'd suggest that we close this
> once 3.6.10

This error can be reproduced on 3.6.10 as well.

Test version:
RHEV-H 7.3 for RHEV 3.6.10 (rhev-hypervisor7-7.3-20161028.1)
ovirt-node-3.6.1-34.0.el7ev.noarch
selinux-policy-3.13.1-102.el7.noarch

# cat /etc/redhat-release
Red Hat Enterprise Virtualization Hypervisor release 7.3 (20161028.1.el7ev)
#
# grep "avc: denied" /var/log/audit/audit.log
type=AVC msg=audit(1482459394.399:25): avc: denied { read write } for pid=1297 comm="lldpad" name="lldpad.state" dev="tmpfs" ino=18471 scontext=system_u:system_r:lldpad_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
Please also check if this is reproducible on RHEL-H - I could imagine that it is as well.
(In reply to Fabian Deutsch from comment #4)
> Please also check if this is reproducible on RHEL-H - I could imagine that
> it is as well.

This is a vintage RHEV-H 7.3 _ONLY_ bug; as I recall, during the last RHVH 4.0.6 build testing, Chen did not mention such an error. From this bug description, it is 100% reproducible on vintage RHEV-H 7.3.

Chen, correct me if needed.
This looks very similar to rhbz#1401208 (also on 7.3). That bug was not 100% reproducible, but the same bug appearing on two streams makes me wonder if it's also reproducible on RHEL, since vintage and NGN don't share any appreciable amount of code.
Seems that the autolinking is gone: https://bugzilla.redhat.com/show_bug.cgi?id=1401208
(In reply to Fabian Deutsch from comment #4)
> Please also check if this is reproducible on RHEL-H - I could imagine that
> it is as well.

No such issue on RHEL-H (RHEL-7.3-20161019.0-Server-x86_64-dvd1.iso + selinux-policy-3.7.19-231.el6.noarch).
Interesting. Then we really need to understand why we get this AVC on RHVH. Can you please also check RHEL-H with /var on a separate LV?
My bad, it's vintage Node.
Cancel the needinfo flag according to #c10.
Test version:
rhev-hypervisor7-7.3-20170110.1
ovirt-node-3.6.1-40.0.el7ev.noarch
selinux-policy-3.13.1-102.el7_3.7.noarch

Test steps:
1. RHEV-H installed successfully. selinux in enforcing mode as default.
2. Login to rhevh, # grep "avc: denied" /var/log/audit/audit.log

Test result:
No avc denied errors in audit.log.

So the bug is fixed by build rhev-hypervisor7-7.3-20170110.1, I will verify this bug once bug status is ON_QA.
Verify this bug according to #c13.
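
An added example, not part of the original comments or of any Red Hat tooling: the reproduce and verify steps above grep audit.log for "avc: denied", and this sketch parses such records into fields and groups them so repeated denials collapse into one row per cause. The function names and the GENERIC_TYPES heuristic are assumptions of this example.

```python
import re
from collections import Counter

# The two AVC lines are the denials quoted in this thread; the SYSCALL line is
# constructed here to show that non-AVC records are skipped.
SAMPLE_LOG = '''\
type=AVC msg=audit(1482319168.924:51): avc: denied { read } for pid=1998 comm="iptables" name="xtables.lock" dev="tmpfs" ino=23877 scontext=system_u:system_r:iptables_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1482459394.399:25): avc: denied { read write } for pid=1297 comm="lldpad" name="lldpad.state" dev="tmpfs" ino=18471 scontext=system_u:system_r:lldpad_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
type=SYSCALL msg=audit(1482459394.399:25): arch=c000003e syscall=2 success=no
'''

HEADER = re.compile(r"type=AVC msg=audit\((\d+)\.\d+:(\d+)\): avc:\s+denied\s+"
                    r"\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption of this example: generic target types that suggest a labeling check.
GENERIC_TYPES = {"var_run_t", "tmpfs_t"}


def parse_avc(line):
    """Return a dict for one AVC denial record, or None for any other line."""
    m = HEADER.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(m.group(4))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["epoch"], rec["serial"] = int(m.group(1)), int(m.group(2))
    rec["perms"] = tuple(m.group(3).split())
    # A context is user:role:type:level; the level may contain ':' itself.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec


def summarize(text):
    """Count denials per (comm, source type, target type, class, permissions)."""
    recs = filter(None, map(parse_avc, text.splitlines()))
    return Counter((r["comm"], r["source_type"], r["target_type"],
                    r.get("tclass"), r["perms"]) for r in recs)


def needs_label_check(rec):
    """True when the target sits on tmpfs and carries a generic type."""
    return rec.get("dev") == "tmpfs" and rec["target_type"] in GENERIC_TYPES


if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG).items():
        print(count, *key)
```

An empty result from `summarize()` corresponds to the expected result in the report: no AVC denied errors in audit.log.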