Bug 1458850 - gssproxy generates nonfatal selinux messages
Summary: gssproxy generates nonfatal selinux messages
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gssproxy   
(Show other bugs)
Version: 7.4
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Robbie Harwood
QA Contact: ipa-qe
URL:
Whiteboard:
Keywords:
: 1459145 (view as bug list)
Depends On:
Blocks: 1392968 1458860
TreeView+ depends on / blocked
 
Reported: 2017-06-05 15:58 UTC by Namita Soman
Modified: 2018-04-10 11:10 UTC (History)
7 users (show)

Fixed In Version: gssproxy-0.7.0-8.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1458860 (view as bug list)
Environment:
Last Closed: 2018-04-10 11:09:51 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0709 None None None 2018-04-10 11:10 UTC

Description Namita Soman 2017-06-05 15:58:20 UTC
Description of problem:
When running tps-rpmtest, and tps-srpmtest, it gives error - 

UpgradeTests-selinux throws error - 
UpgradeTest-selinux Test
Running: /usr/sbin/ausearch  -sv no -m AVC -ts  05/31/2017 23:57:19 
 SELinux Check: FAIL
 SELinux AVC messages found:
 ----
 time->Wed May 31 23:57:42 2017
 type=SYSCALL msg=audit(1496289462.631:297706): arch=c000003e syscall=137 success=no exit=-13 a0=7f1c6b6766c0 a1=7ffc39592a90 a2=fffffffffff47428 a3=7ffc395928c0 items=0 ppid=1 pid=10308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gssproxy" exe="/usr/sbin/gssproxy" subj=system_u:system_r:gssproxy_t:s0 key=(null)
 type=AVC msg=audit(1496289462.631:297706): avc:  denied  { getattr } for  pid=10308 comm="gssproxy" name="/" dev="vda2" ino=2 scontext=system_u:system_r:gssproxy_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 ----
 time->Wed May 31 23:57:42 2017
 type=SYSCALL msg=audit(1496289462.840:297712): arch=c000003e syscall=137 success=no exit=-13 a0=7f17579576c0 a1=7ffd78399c40 a2=fffffffffff47428 a3=7ffd78399a70 items=0 ppid=1 pid=10340 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gssproxy" exe="/usr/sbin/gssproxy" subj=system_u:system_r:gssproxy_t:s0 key=(null)
 type=AVC msg=audit(1496289462.840:297712): avc:  denied  { getattr } for  pid=10340 comm="gssproxy" name="/" dev="vda2" ino=2 scontext=system_u:system_r:gssproxy_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 ----
 time->Wed May 31 23:58:05 2017
 type=SYSCALL msg=audit(1496289485.517:297738): arch=c000003e syscall=137 success=no exit=-13 a0=7f2209f2b6c0 a1=7ffd11b3be80 a2=fffffffffff47428 a3=7ffd11b3bcb0 items=0 ppid=1 pid=10659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gssproxy" exe="/usr/sbin/gssproxy" subj=system_u:system_r:gssproxy_t:s0 key=(null)
 type=AVC msg=audit(1496289485.517:297738): avc:  denied  { getattr } for  pid=10659 comm="gssproxy" name="/" dev="vda2" ino=2 scontext=system_u:system_r:gssproxy_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 TPSHINT: It is possible that other stable systems activity has caused this issue.
 If you are sure that this is the case, you may waive this failure.
 If you have any doubts, RE-RUN tps-rpmtest to be sure.
 TPSRESULT: UpgradeTest-selinux Returning: FAIL

And VerifyTest fails with:
<..snip..>
result: verify test: FAIL:
 krb5-libs.x86_64: /etc/krb5.conf S.5...... c [tps:a]
 krb5-libs.i686: /etc/krb5.conf S.5...... c [tps:a]
 TPS verify test analysis tags:
 tps:a -- verify errors on both arches
 tps:b -- verify error on file not present in alternative arch
 tps:c -- verify error on preferred binary/ELF file
 tps:d -- significant type of verify error
<..snip..>

Version-Release number of selected component (if applicable):


How reproducible:
always - on all arches

Steps to Reproduce:
1. Run tps tests - tps-rpmtest
2. 
3.

Actual results:
Errors above

Expected results:
to pass

Additional info:

Comment 2 Robbie Harwood 2017-06-05 16:42:33 UTC
We haven't looked into why this happens, but it doesn't break anything we've seen so far.  Thanks for the report.

Comment 6 Robbie Harwood 2017-08-01 15:27:22 UTC
*** Bug 1459145 has been marked as a duplicate of this bug. ***

Comment 8 Varun Mylaraiah 2018-01-24 09:58:36 UTC
Verified on RHEL-7.5(Client_x86_64, ComputeNode_x86_64, Server_ppc64, Server_ppc64le, Server_x86_64, Workstation_x86_64) and
RHEL-ALT-7.5_Server_aarch64

Thus marking the status of bug to "VERIFIED"

Comment 12 errata-xmlrpc 2018-04-10 11:09:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0709


Note You need to log in before you can comment on or make changes to this bug.