Bug 1464374 - avc denied errors (rhnsd) in audit.log
avc denied errors (rhnsd) in audit.log
Status: CLOSED CURRENTRELEASE
Product: ovirt-node
Classification: oVirt
Component: Installation & Update (Show other bugs)
4.1
Unspecified Unspecified
unspecified Severity medium (vote)
: ovirt-4.1.5
: ---
Assigned To: Ryan Barry
cshao
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-23 05:29 EDT by cshao
Modified: 2017-08-01 02:48 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 02:48:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Node
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
rule-engine: ovirt‑4.1+
sbonazzo: devel_ack+
cshao: testing_ack+


Attachments (Terms of Use)
/var/log/* /tmp/* sosreport (8.63 MB, application/x-gzip)
2017-06-23 05:29 EDT, cshao
no flags Details

  None (edit)
Description cshao 2017-06-23 05:29:30 EDT
Created attachment 1290943 [details]
/var/log/* /tmp/* sosreport

Description of problem:
After redhat-virtualization-host-4.1-20170622.3 installed, there are AVC denied errors (rhnsd) in audit.log.

# grep "avc:  denied" /var/log/audit/audit.log
type=AVC msg=audit(1498188702.561:106): avc:  denied  { read } for  pid=1772 comm="rhnsd" name="rhnsd" dev="dm-4" ino=2228797 scontext=system_u:system_r:rhnsd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
#

Version-Release number of selected component (if applicable):
redhat-virtualization-host-4.1-20170622.3
imgbased-0.9.32-0.1.el7ev.noarch
selinux-policy-3.13.1-164.el7.noarch

How reproducible:
60%

Steps to Reproduce:
1.RHVH installed successful. selinux in enforcing mode as default.
2.Login to RHVH,
#grep "avc:  denied" /var/log/audit/audit.log

Actual results:
AVC denied error msgs in audit.log

Expected results:
No avc denied errors in audit.log.

Additional info:
Comment 1 Red Hat Bugzilla Rules Engine 2017-07-18 13:38:04 EDT
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Comment 2 Ryan Barry 2017-07-31 18:49:47 EDT
I can't reproduce this. Can you provide a test system, please?
Comment 3 cshao 2017-07-31 19:26:06 EDT
(In reply to Ryan Barry from comment #2)
> I can't reproduce this. Can you provide a test system, please?

Sure, I will provide the IP addr once reproduce.
Comment 4 cshao 2017-08-01 02:48:59 EDT
Test version:
redhat-virtualization-host-4.1-20170728.0 
imgbased-0.9.36-0.1.el7ev.noarch
selinux-policy-3.13.1-166.el7.noarch

After several times testing, the issue was gone. So close this bug as CURRENTRELEASE. Feel free to re-open it if still can reproduce.

Note You need to log in before you can comment on or make changes to this bug.