1474217 – avc denied errors (abrt-action-sav) in audit.log

Bug 1474217 - avc denied errors (abrt-action-sav) in audit.log

Summary: avc denied errors (abrt-action-sav) in audit.log

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-node
Classification:	oVirt
Component:	Installation & Update
Sub Component:
Version:	4.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	ovirt-4.1.5
Target Release:	---
Assignee:	Ryan Barry
QA Contact:	cshao
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-07-24 07:30 UTC by cshao
Modified:	2017-08-01 06:48 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-01 06:48:27 UTC
oVirt Team:	Node
Embargoed:
Dependent Products:
Flags:	rule-engine: ovirt-4.1+ cshao: testing_ack+

Attachments	(Terms of Use)
all log info (9.36 MB, application/x-gzip) 2017-07-24 07:30 UTC, cshao	no flags	Details
View All

Description cshao 2017-07-24 07:30:24 UTC

Created attachment 1303489 [details]
all log info

Description of problem:
After redhat-virtualization-host-4.1-20170721.0 installed, there are AVC denied errors (abrt-action-sav) in audit.log.

# grep "avc:  denied" /var/log/audit/audit.log
type=AVC msg=audit(1500879742.176:197): avc:  denied  { write } for  pid=26254 comm="abrt-action-sav" name=".dbenv.lock" dev="dm-3" ino=8786413 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
type=AVC msg=audit(1500879742.180:198): avc:  denied  { write } for  pid=26254 comm="abrt-action-sav" name=".dbenv.lock" dev="dm-3" ino=8786413 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
type=AVC msg=audit(1500879742.181:199): avc:  denied  { write } for  pid=26254 comm="abrt-action-sav" name=".dbenv.lock" dev="dm-3" ino=8786413 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file



Version-Release number of selected component (if applicable):
redhat-virtualization-host-4.1-20170721.0
imgbased-0.9.34-0.1.el7ev.noarch
selinux-policy-3.13.1-166.el7.noarch

How reproducible:
80%

Steps to Reproduce:
1.RHVH installed successful. selinux in enforcing mode as default.
2.Login to RHVH,
#grep "avc:  denied" /var/log/audit/audit.log

Actual results:
AVC denied error msgs in audit.log

Expected results:
No avc denied errors in audit.log.

Additional info:

Comment 1 Ryan Barry 2017-07-31 22:49:50 UTC

I can't reproduce this. Can you provide a test system, please?

Comment 2 cshao 2017-07-31 23:26:56 UTC

(In reply to Ryan Barry from comment #1)
> I can't reproduce this. Can you provide a test system, please?

Sure, I will provide the IP addr once reproduce.

Comment 3 cshao 2017-08-01 06:48:27 UTC

Test version:
redhat-virtualization-host-4.1-20170728.0 
imgbased-0.9.36-0.1.el7ev.noarch
selinux-policy-3.13.1-166.el7.noarch

After several times testing, the issue was gone. So close this bug as CURRENTRELEASE. Feel free to re-open it if still can reproduce.

Note You need to log in before you can comment on or make changes to this bug.