1464374 – avc denied errors (rhnsd) in audit.log

Bug 1464374 - avc denied errors (rhnsd) in audit.log

Summary: avc denied errors (rhnsd) in audit.log

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-node
Classification:	oVirt
Component:	Installation & Update
Sub Component:
Version:	4.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	ovirt-4.1.5
Target Release:	---
Assignee:	Ryan Barry
QA Contact:	cshao
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-06-23 09:29 UTC by cshao
Modified:	2017-08-01 06:48 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-01 06:48:59 UTC
oVirt Team:	Node
Embargoed:
Dependent Products:
Flags:	rule-engine: ovirt-4.1+ sbonazzo: devel_ack+ cshao: testing_ack+

Attachments	(Terms of Use)
*/var/log/ /tmp/* sosreport** (8.63 MB, application/x-gzip) 2017-06-23 09:29 UTC, cshao	no flags	Details
View All

Description cshao 2017-06-23 09:29:30 UTC

Created attachment 1290943 [details]
/var/log/* /tmp/* sosreport

Description of problem:
After redhat-virtualization-host-4.1-20170622.3 installed, there are AVC denied errors (rhnsd) in audit.log.

# grep "avc:  denied" /var/log/audit/audit.log
type=AVC msg=audit(1498188702.561:106): avc:  denied  { read } for  pid=1772 comm="rhnsd" name="rhnsd" dev="dm-4" ino=2228797 scontext=system_u:system_r:rhnsd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
#

Version-Release number of selected component (if applicable):
redhat-virtualization-host-4.1-20170622.3
imgbased-0.9.32-0.1.el7ev.noarch
selinux-policy-3.13.1-164.el7.noarch

How reproducible:
60%

Steps to Reproduce:
1.RHVH installed successful. selinux in enforcing mode as default.
2.Login to RHVH,
#grep "avc:  denied" /var/log/audit/audit.log

Actual results:
AVC denied error msgs in audit.log

Expected results:
No avc denied errors in audit.log.

Additional info:

Comment 1 Red Hat Bugzilla Rules Engine 2017-07-18 17:38:04 UTC

Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.

Comment 2 Ryan Barry 2017-07-31 22:49:47 UTC

I can't reproduce this. Can you provide a test system, please?

Comment 3 cshao 2017-07-31 23:26:06 UTC

(In reply to Ryan Barry from comment #2)
> I can't reproduce this. Can you provide a test system, please?

Sure, I will provide the IP addr once reproduce.

Comment 4 cshao 2017-08-01 06:48:59 UTC

Test version:
redhat-virtualization-host-4.1-20170728.0 
imgbased-0.9.36-0.1.el7ev.noarch
selinux-policy-3.13.1-166.el7.noarch

After several times testing, the issue was gone. So close this bug as CURRENTRELEASE. Feel free to re-open it if still can reproduce.

Note You need to log in before you can comment on or make changes to this bug.