1439137 – AVC denials nooticed during DS-migration for IPA.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1439137 - AVC denials nooticed during DS-migration for IPA.

Summary: AVC denials nooticed during DS-migration for IPA.

Keywords:
Status:	CLOSED DUPLICATE of bug 1436689
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	7.4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Lukas Vrabec
QA Contact:	Milos Malik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-04-05 10:13 UTC by Nikhil Dehadrai
Modified:	2017-04-11 07:35 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-04-11 07:35:54 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Nikhil Dehadrai 2017-04-05 10:13:56 UTC

Description of problem:
AVC denials noticed during DS-migration for IPA.

Version-Release number of selected component (if applicable):
ipa-server-4.5.0-4.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Setup IPA server for DS-migration test suite execution.
2. Initiate automation for DS-Migration test suite. 

Actual Result:
AVC messages are seen on IPA Master.

On Login to IPA MAster following details are observed:
[root@vm-idm-016 ~]# getenforce
Permissive
[root@vm-idm-016 ~]# cat /var/log/audit/audit.log|audit2allow


#============= tomcat_t ==============
allow tomcat_t ldap_port_t:tcp_socket name_connect;
allow tomcat_t pki_tomcat_etc_rw_t:dir { getattr open read };
allow tomcat_t pki_tomcat_etc_rw_t:file getattr;
allow tomcat_t pki_tomcat_var_lib_t:dir { getattr open read };
[root@vm-idm-016 ~]# ausearch -m AVC -ts today
----
time->Wed Apr  5 14:40:13 2017
type=PATH msg=audit(1491383413.144:670): item=0 name="/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml" inode=100717464 dev=fd:00 mode=0100660 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_etc_rw_t:s0 objtype=NORMAL
type=CWD msg=audit(1491383413.144:670):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491383413.144:670): arch=c000003e syscall=4 success=yes exit=0 a0=7fc5c4004ea0 a1=7fc593dfc5a0 a2=7fc593dfc5a0 a3=4 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491383413.144:670): avc:  denied  { getattr } for  pid=24966 comm="java" path="/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml" dev="dm-0" ino=100717464 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=file
----
time->Wed Apr  5 14:40:13 2017
type=PATH msg=audit(1491383413.146:671): item=0 name="/var/lib/pki/pki-tomcat" inode=67301918 dev=fd:00 mode=040770 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_var_lib_t:s0 objtype=NORMAL
type=CWD msg=audit(1491383413.146:671):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491383413.146:671): arch=c000003e syscall=6 success=yes exit=0 a0=7fc593dfab10 a1=7fc593df99e0 a2=7fc593df99e0 a3=1f items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491383413.146:671): avc:  denied  { getattr } for  pid=24966 comm="java" path="/var/lib/pki/pki-tomcat" dev="dm-0" ino=67301918 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_var_lib_t:s0 tclass=dir
----
time->Wed Apr  5 14:40:13 2017
type=PATH msg=audit(1491383413.146:672): item=0 name="/var/lib/pki/pki-tomcat/webapps" inode=1639993 dev=fd:00 mode=040755 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_var_lib_t:s0 objtype=NORMAL
type=CWD msg=audit(1491383413.146:672):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491383413.146:672): arch=c000003e syscall=257 success=yes exit=91 a0=ffffffffffffff9c a1=7fc5c4005300 a2=90800 a3=0 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491383413.146:672): avc:  denied  { open } for  pid=24966 comm="java" path="/var/lib/pki/pki-tomcat/webapps" dev="dm-0" ino=1639993 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1491383413.146:672): avc:  denied  { read } for  pid=24966 comm="java" name="webapps" dev="dm-0" ino=1639993 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_var_lib_t:s0 tclass=dir
----
time->Wed Apr  5 14:40:13 2017
type=PATH msg=audit(1491383413.146:673): item=0 name="/etc/pki/pki-tomcat/Catalina/localhost" inode=100717463 dev=fd:00 mode=040770 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_etc_rw_t:s0 objtype=NORMAL
type=CWD msg=audit(1491383413.146:673):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491383413.146:673): arch=c000003e syscall=257 success=yes exit=91 a0=ffffffffffffff9c a1=7fc5c40034d0 a2=90800 a3=0 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491383413.146:673): avc:  denied  { open } for  pid=24966 comm="java" path="/etc/pki/pki-tomcat/Catalina/localhost" dev="dm-0" ino=100717463 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=dir
type=AVC msg=audit(1491383413.146:673): avc:  denied  { read } for  pid=24966 comm="java" name="localhost" dev="dm-0" ino=100717463 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=dir
----
time->Wed Apr  5 14:40:23 2017
type=PATH msg=audit(1491383423.147:674): item=0 name="/etc/pki/pki-tomcat" inode=34457082 dev=fd:00 mode=040770 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_etc_rw_t:s0 objtype=NORMAL
type=CWD msg=audit(1491383423.147:674):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491383423.147:674): arch=c000003e syscall=6 success=yes exit=0 a0=7fc593dfaba0 a1=7fc593df9a70 a2=7fc593df9a70 a3=4 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491383423.147:674): avc:  denied  { getattr } for  pid=24966 comm="java" path="/etc/pki/pki-tomcat" dev="dm-0" ino=34457082 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=dir
----
time->Wed Apr  5 14:42:12 2017
type=SOCKADDR msg=audit(1491383532.861:675): saddr=0A00027C0000000000000000000000000000FFFF0A41CE9600000000
type=SYSCALL msg=audit(1491383532.861:675): arch=c000003e syscall=42 success=yes exit=0 a0=5b a1=7fc593efcb20 a2=1c a3=46e items=0 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491383532.861:675): avc:  denied  { name_connect } for  pid=24966 comm="java" dest=636 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
----
time->Wed Apr  5 14:52:03 2017
type=PATH msg=audit(1491384123.299:683): item=0 name="/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml" inode=100717464 dev=fd:00 mode=0100660 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_etc_rw_t:s0 objtype=NORMAL
type=CWD msg=audit(1491384123.299:683):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491384123.299:683): arch=c000003e syscall=4 success=yes exit=0 a0=7fc5c4004ea0 a1=7fc593dfc380 a2=7fc593dfc380 a3=4 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491384123.299:683): avc:  denied  { getattr } for  pid=24966 comm="java" path="/etc/pki/pki-tomcat/Catalina/localhost/ROOT.xml" dev="dm-0" ino=100717464 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=file
----
time->Wed Apr  5 14:53:33 2017
type=PATH msg=audit(1491384213.316:684): item=0 name="/etc/pki/pki-tomcat/Catalina/localhost" inode=100717463 dev=fd:00 mode=040770 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_etc_rw_t:s0 objtype=NORMAL
type=CWD msg=audit(1491384213.316:684):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491384213.316:684): arch=c000003e syscall=257 success=yes exit=92 a0=ffffffffffffff9c a1=7fc5c4004ea0 a2=90800 a3=0 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491384213.316:684): avc:  denied  { open } for  pid=24966 comm="java" path="/etc/pki/pki-tomcat/Catalina/localhost" dev="dm-0" ino=100717463 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=dir
type=AVC msg=audit(1491384213.316:684): avc:  denied  { read } for  pid=24966 comm="java" name="localhost" dev="dm-0" ino=100717463 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=dir
----
time->Wed Apr  5 14:53:53 2017
type=PATH msg=audit(1491384233.321:685): item=0 name="/etc/pki/pki-tomcat" inode=34457082 dev=fd:00 mode=040770 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_etc_rw_t:s0 objtype=NORMAL
type=CWD msg=audit(1491384233.321:685):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491384233.321:685): arch=c000003e syscall=6 success=yes exit=0 a0=7fc593dfa980 a1=7fc593df9850 a2=7fc593df9850 a3=4 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491384233.321:685): avc:  denied  { getattr } for  pid=24966 comm="java" path="/etc/pki/pki-tomcat" dev="dm-0" ino=34457082 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=dir
----
time->Wed Apr  5 14:56:43 2017
type=PATH msg=audit(1491384403.356:687): item=0 name="/var/lib/pki/pki-tomcat/webapps" inode=1639993 dev=fd:00 mode=040755 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_var_lib_t:s0 objtype=NORMAL
type=CWD msg=audit(1491384403.356:687):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491384403.356:687): arch=c000003e syscall=257 success=yes exit=92 a0=ffffffffffffff9c a1=7fc5c40061e0 a2=90800 a3=0 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491384403.356:687): avc:  denied  { open } for  pid=24966 comm="java" path="/var/lib/pki/pki-tomcat/webapps" dev="dm-0" ino=1639993 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1491384403.356:687): avc:  denied  { read } for  pid=24966 comm="java" name="webapps" dev="dm-0" ino=1639993 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_var_lib_t:s0 tclass=dir
----
time->Wed Apr  5 14:56:43 2017
type=PATH msg=audit(1491384403.356:686): item=0 name="/var/lib/pki/pki-tomcat" inode=67301918 dev=fd:00 mode=040770 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_var_lib_t:s0 objtype=NORMAL
type=CWD msg=audit(1491384403.356:686):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491384403.356:686): arch=c000003e syscall=6 success=yes exit=0 a0=7fc593dfab60 a1=7fc593df9a30 a2=7fc593df9a30 a3=7fc5dd052440 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491384403.356:686): avc:  denied  { getattr } for  pid=24966 comm="java" path="/var/lib/pki/pki-tomcat" dev="dm-0" ino=67301918 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_var_lib_t:s0 tclass=dir
----
time->Wed Apr  5 15:24:33 2017
type=PATH msg=audit(1491386073.699:722): item=0 name="/var/lib/pki/pki-tomcat/webapps" inode=1639993 dev=fd:00 mode=040755 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_var_lib_t:s0 objtype=NORMAL
type=CWD msg=audit(1491386073.699:722):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491386073.699:722): arch=c000003e syscall=257 success=yes exit=92 a0=ffffffffffffff9c a1=7fc5c4013550 a2=90800 a3=0 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491386073.699:722): avc:  denied  { open } for  pid=24966 comm="java" path="/var/lib/pki/pki-tomcat/webapps" dev="dm-0" ino=1639993 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1491386073.699:722): avc:  denied  { read } for  pid=24966 comm="java" name="webapps" dev="dm-0" ino=1639993 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_var_lib_t:s0 tclass=dir
----
time->Wed Apr  5 15:24:33 2017
type=PATH msg=audit(1491386073.699:723): item=0 name="/etc/pki/pki-tomcat/Catalina/localhost" inode=100717463 dev=fd:00 mode=040770 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_etc_rw_t:s0 objtype=NORMAL
type=CWD msg=audit(1491386073.699:723):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491386073.699:723): arch=c000003e syscall=257 success=yes exit=92 a0=ffffffffffffff9c a1=7fc5c4004ea0 a2=90800 a3=0 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491386073.699:723): avc:  denied  { open } for  pid=24966 comm="java" path="/etc/pki/pki-tomcat/Catalina/localhost" dev="dm-0" ino=100717463 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=dir
type=AVC msg=audit(1491386073.699:723): avc:  denied  { read } for  pid=24966 comm="java" name="localhost" dev="dm-0" ino=100717463 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=dir
----
time->Wed Apr  5 15:24:43 2017
type=PATH msg=audit(1491386083.702:724): item=0 name="/var/lib/pki/pki-tomcat" inode=67301918 dev=fd:00 mode=040770 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_var_lib_t:s0 objtype=NORMAL
type=CWD msg=audit(1491386083.702:724):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491386083.702:724): arch=c000003e syscall=6 success=yes exit=0 a0=7fc593dfab30 a1=7fc593df9a00 a2=7fc593df9a00 a3=7fc5dd052440 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491386083.702:724): avc:  denied  { getattr } for  pid=24966 comm="java" path="/var/lib/pki/pki-tomcat" dev="dm-0" ino=67301918 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_var_lib_t:s0 tclass=dir
----
time->Wed Apr  5 15:24:53 2017
type=PATH msg=audit(1491386093.704:725): item=0 name="/etc/pki/pki-tomcat" inode=34457082 dev=fd:00 mode=040770 ouid=17 ogid=17 rdev=00:00 obj=system_u:object_r:pki_tomcat_etc_rw_t:s0 objtype=NORMAL
type=CWD msg=audit(1491386093.704:725):  cwd="/usr/share/tomcat"
type=SYSCALL msg=audit(1491386093.704:725): arch=c000003e syscall=6 success=yes exit=0 a0=7fc593dfa930 a1=7fc593df9800 a2=7fc593df9800 a3=4 items=1 ppid=1 pid=24966 auid=4294967295 uid=17 gid=17 euid=17 suid=17 fsuid=17 egid=17 sgid=17 fsgid=17 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-9.b14.el7.x86_64/jre/bin/java" subj=system_u:system_r:tomcat_t:s0 key=(null)
type=AVC msg=audit(1491386093.704:725): avc:  denied  { getattr } for  pid=24966 comm="java" path="/etc/pki/pki-tomcat" dev="dm-0" ino=34457082 scontext=system_u:system_r:tomcat_t:s0 tcontext=system_u:object_r:pki_tomcat_etc_rw_t:s0 tclass=dir
[root@vm-idm-016 ~]# 


Actual results:
DS-Migration test execution fails

Expected Result:
DS-Migration test execution should succeed.

Comment 2 Lukas Vrabec 2017-04-11 07:35:54 UTC


*** This bug has been marked as a duplicate of bug 1436689 ***

Note You need to log in before you can comment on or make changes to this bug.