RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1458850 - gssproxy generates nonfatal selinux messages
Summary: gssproxy generates nonfatal selinux messages
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gssproxy
Version: 7.4
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Robbie Harwood
QA Contact: ipa-qe
URL:
Whiteboard:
: 1459145 (view as bug list)
Depends On:
Blocks: 1392968 1458860
TreeView+ depends on / blocked
 
Reported: 2017-06-05 15:58 UTC by Namita Soman
Modified: 2018-04-10 11:10 UTC (History)
7 users (show)

Fixed In Version: gssproxy-0.7.0-8.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1458860 (view as bug list)
Environment:
Last Closed: 2018-04-10 11:09:51 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0709 0 None None None 2018-04-10 11:10:44 UTC

Description Namita Soman 2017-06-05 15:58:20 UTC
Description of problem:
When running tps-rpmtest, and tps-srpmtest, it gives error - 

UpgradeTests-selinux throws error - 
UpgradeTest-selinux Test
Running: /usr/sbin/ausearch  -sv no -m AVC -ts  05/31/2017 23:57:19 
 SELinux Check: FAIL
 SELinux AVC messages found:
 ----
 time->Wed May 31 23:57:42 2017
 type=SYSCALL msg=audit(1496289462.631:297706): arch=c000003e syscall=137 success=no exit=-13 a0=7f1c6b6766c0 a1=7ffc39592a90 a2=fffffffffff47428 a3=7ffc395928c0 items=0 ppid=1 pid=10308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gssproxy" exe="/usr/sbin/gssproxy" subj=system_u:system_r:gssproxy_t:s0 key=(null)
 type=AVC msg=audit(1496289462.631:297706): avc:  denied  { getattr } for  pid=10308 comm="gssproxy" name="/" dev="vda2" ino=2 scontext=system_u:system_r:gssproxy_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 ----
 time->Wed May 31 23:57:42 2017
 type=SYSCALL msg=audit(1496289462.840:297712): arch=c000003e syscall=137 success=no exit=-13 a0=7f17579576c0 a1=7ffd78399c40 a2=fffffffffff47428 a3=7ffd78399a70 items=0 ppid=1 pid=10340 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gssproxy" exe="/usr/sbin/gssproxy" subj=system_u:system_r:gssproxy_t:s0 key=(null)
 type=AVC msg=audit(1496289462.840:297712): avc:  denied  { getattr } for  pid=10340 comm="gssproxy" name="/" dev="vda2" ino=2 scontext=system_u:system_r:gssproxy_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 ----
 time->Wed May 31 23:58:05 2017
 type=SYSCALL msg=audit(1496289485.517:297738): arch=c000003e syscall=137 success=no exit=-13 a0=7f2209f2b6c0 a1=7ffd11b3be80 a2=fffffffffff47428 a3=7ffd11b3bcb0 items=0 ppid=1 pid=10659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gssproxy" exe="/usr/sbin/gssproxy" subj=system_u:system_r:gssproxy_t:s0 key=(null)
 type=AVC msg=audit(1496289485.517:297738): avc:  denied  { getattr } for  pid=10659 comm="gssproxy" name="/" dev="vda2" ino=2 scontext=system_u:system_r:gssproxy_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 TPSHINT: It is possible that other stable systems activity has caused this issue.
 If you are sure that this is the case, you may waive this failure.
 If you have any doubts, RE-RUN tps-rpmtest to be sure.
 TPSRESULT: UpgradeTest-selinux Returning: FAIL

And VerifyTest fails with:
<..snip..>
result: verify test: FAIL:
 krb5-libs.x86_64: /etc/krb5.conf S.5...... c [tps:a]
 krb5-libs.i686: /etc/krb5.conf S.5...... c [tps:a]
 TPS verify test analysis tags:
 tps:a -- verify errors on both arches
 tps:b -- verify error on file not present in alternative arch
 tps:c -- verify error on preferred binary/ELF file
 tps:d -- significant type of verify error
<..snip..>

Version-Release number of selected component (if applicable):


How reproducible:
always - on all arches

Steps to Reproduce:
1. Run tps tests - tps-rpmtest
2. 
3.

Actual results:
Errors above

Expected results:
to pass

Additional info:

Comment 2 Robbie Harwood 2017-06-05 16:42:33 UTC
We haven't looked into why this happens, but it doesn't break anything we've seen so far.  Thanks for the report.

Comment 6 Robbie Harwood 2017-08-01 15:27:22 UTC
*** Bug 1459145 has been marked as a duplicate of this bug. ***

Comment 8 Varun Mylaraiah 2018-01-24 09:58:36 UTC
Verified on RHEL-7.5(Client_x86_64, ComputeNode_x86_64, Server_ppc64, Server_ppc64le, Server_x86_64, Workstation_x86_64) and
RHEL-ALT-7.5_Server_aarch64

Thus marking the status of bug to "VERIFIED"

Comment 12 errata-xmlrpc 2018-04-10 11:09:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0709


Note You need to log in before you can comment on or make changes to this bug.