Bug 1458850 – gssproxy generates nonfatal selinux messages

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1458850 - gssproxy generates nonfatal selinux messages

Summary:	gssproxy generates nonfatal selinux messages

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	gssproxy (Show other bugs)
Sub Component:
Version:	7.4
Hardware:	Unspecified Unspecified

Priority	low Severity low
Target Milestone:	rc
Target Release:	---
Assigned To:	Robbie Harwood
QA Contact:	ipa-qe
Docs Contact:

URL:
Whiteboard:
Keywords:

Duplicates:	1459145 (view as bug list)
Depends On:
Blocks:	1392968 1458860
	Show dependency tree / graph

Reported:	2017-06-05 11:58 EDT by Namita Soman
Modified:	2018-04-10 07:10 EDT (History)
CC List:	7 users (show)

See Also:
Fixed In Version:	gssproxy-0.7.0-8.el7
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Clones:	1458860 (view as bug list)
Environment:
Last Closed:	2018-04-10 07:09:51 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0709	None	None	None	2018-04-10 07:10 EDT

Groups: None (edit)

Description Namita Soman 2017-06-05 11:58:20 EDT

Description of problem:
When running tps-rpmtest, and tps-srpmtest, it gives error - 

UpgradeTests-selinux throws error - 
UpgradeTest-selinux Test
Running: /usr/sbin/ausearch  -sv no -m AVC -ts  05/31/2017 23:57:19 
 SELinux Check: FAIL
 SELinux AVC messages found:
 ----
 time->Wed May 31 23:57:42 2017
 type=SYSCALL msg=audit(1496289462.631:297706): arch=c000003e syscall=137 success=no exit=-13 a0=7f1c6b6766c0 a1=7ffc39592a90 a2=fffffffffff47428 a3=7ffc395928c0 items=0 ppid=1 pid=10308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gssproxy" exe="/usr/sbin/gssproxy" subj=system_u:system_r:gssproxy_t:s0 key=(null)
 type=AVC msg=audit(1496289462.631:297706): avc:  denied  { getattr } for  pid=10308 comm="gssproxy" name="/" dev="vda2" ino=2 scontext=system_u:system_r:gssproxy_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 ----
 time->Wed May 31 23:57:42 2017
 type=SYSCALL msg=audit(1496289462.840:297712): arch=c000003e syscall=137 success=no exit=-13 a0=7f17579576c0 a1=7ffd78399c40 a2=fffffffffff47428 a3=7ffd78399a70 items=0 ppid=1 pid=10340 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gssproxy" exe="/usr/sbin/gssproxy" subj=system_u:system_r:gssproxy_t:s0 key=(null)
 type=AVC msg=audit(1496289462.840:297712): avc:  denied  { getattr } for  pid=10340 comm="gssproxy" name="/" dev="vda2" ino=2 scontext=system_u:system_r:gssproxy_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 ----
 time->Wed May 31 23:58:05 2017
 type=SYSCALL msg=audit(1496289485.517:297738): arch=c000003e syscall=137 success=no exit=-13 a0=7f2209f2b6c0 a1=7ffd11b3be80 a2=fffffffffff47428 a3=7ffd11b3bcb0 items=0 ppid=1 pid=10659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gssproxy" exe="/usr/sbin/gssproxy" subj=system_u:system_r:gssproxy_t:s0 key=(null)
 type=AVC msg=audit(1496289485.517:297738): avc:  denied  { getattr } for  pid=10659 comm="gssproxy" name="/" dev="vda2" ino=2 scontext=system_u:system_r:gssproxy_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 TPSHINT: It is possible that other stable systems activity has caused this issue.
 If you are sure that this is the case, you may waive this failure.
 If you have any doubts, RE-RUN tps-rpmtest to be sure.
 TPSRESULT: UpgradeTest-selinux Returning: FAIL

And VerifyTest fails with:
<..snip..>
result: verify test: FAIL:
 krb5-libs.x86_64: /etc/krb5.conf S.5...... c [tps:a]
 krb5-libs.i686: /etc/krb5.conf S.5...... c [tps:a]
 TPS verify test analysis tags:
 tps:a -- verify errors on both arches
 tps:b -- verify error on file not present in alternative arch
 tps:c -- verify error on preferred binary/ELF file
 tps:d -- significant type of verify error
<..snip..>

Version-Release number of selected component (if applicable):


How reproducible:
always - on all arches

Steps to Reproduce:
1. Run tps tests - tps-rpmtest
2. 
3.

Actual results:
Errors above

Expected results:
to pass

Additional info:

Comment 2 Robbie Harwood 2017-06-05 12:42:33 EDT

We haven't looked into why this happens, but it doesn't break anything we've seen so far.  Thanks for the report.

Comment 6 Robbie Harwood 2017-08-01 11:27:22 EDT

*** Bug 1459145 has been marked as a duplicate of this bug. ***

Comment 8 Varun Mylaraiah 2018-01-24 04:58:36 EST

Verified on RHEL-7.5(Client_x86_64, ComputeNode_x86_64, Server_ppc64, Server_ppc64le, Server_x86_64, Workstation_x86_64) and
RHEL-ALT-7.5_Server_aarch64

Thus marking the status of bug to "VERIFIED"

Comment 12 errata-xmlrpc 2018-04-10 07:09:51 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0709

Note You need to log in before you can comment on or make changes to this bug.