Bug 1478371 - AVC denials noticed during ipa-server upgrade process.
AVC denials noticed during ipa-server upgrade process.
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy (Show other bugs)
7.4
All Linux
unspecified Severity unspecified
: rc
: ---
Assigned To: Lukas Vrabec
Milos Malik
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-04 09:00 EDT by Nikhil Dehadrai
Modified: 2018-04-10 08:37 EDT (History)
10 users (show)

See Also:
Fixed In Version: selinux-policy-3.13.1-179.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-04-10 08:36:40 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
AVC Denials noticed during IPA upgrade process (88.37 KB, text/plain)
2017-08-04 09:00 EDT, Nikhil Dehadrai
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0763 None None None 2018-04-10 08:37 EDT

  None (edit)
Description Nikhil Dehadrai 2017-08-04 09:00:42 EDT
Created attachment 1309036 [details]
AVC Denials noticed during IPA upgrade process

Description of problem:
AVC denials noticed during ipa-server upgrade process frm RHEL 7.4(4.5.0.21) to RHEL 7.4.1(4.5.0-21.el7_4.1).

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-166.el7.noarch


How reproducible:
Always

Steps to Reproduce:
1. Setup IPA server on RHEL 7.4.(4.5.0.21)
2. Configure Latest repo links for latest version of IPA-server (selinux packages)
3. Initiate upgrade process for ipa- server using command:
# yum -y update 'ipa*' sssd 'python*'

Actual results:
AVC denials are noticed for this IPA-Upgrade process.
- In my case AVC denials are noticed for NORMAL test suite inside REPLICA tests.
Comment 12 Nikhil Dehadrai 2017-11-14 05:12:23 EST
IPA-server version: ipa-server-4.5.4-4.el7.x86_64
selinux-policy: selinux-policy-3.13.1-179.el7.noarch

Noticed AVC errors during IPA-server upgrade process for following path:

Linear upgrade (70z > 71z > 72z > 73z > 74-0day > 74up1 > 74up2 > 74z > 7.5)

Thus changing status to "ASSIGNED"
Comment 14 Nikhil Dehadrai 2017-11-16 02:34:45 EST
IPA-server version: ipa-server-4.5.4-4.el7.x86_64
selinux-policy: selinux-policy-3.13.1-179.el7.noarch

Noticed AVC errors during IPA-server upgrade process for following path:

Direct Upgrade: RHEL 7.4.3 > RHEL 7.5
Comment 17 Nikhil Dehadrai 2017-12-04 06:12:01 EST
IPA-server version: ipa-server-4.5.4-6.el7.x86_64
selinux-policy: selinux-policy-3.13.1-180.el7.noarch

Noticed AVC errors during IPA-server upgrade process for following path:

Linear upgrade (70z > 71z > 72z > 73z > 74-0day > 74up1 > 74up2 > 74z > 7.5)

Thus changing status to "ASSIGNED"
Comment 21 anuja 2017-12-21 01:38:52 EST
IPA-server version: ipa-server-4.5.4-7.el7.x86_64
selinux-policy: selinux-policy-3.13.1-183.el7.noarch

Noticed AVC errors during IPA-server upgrade process for following path:

Direct Upgrade 7.3z > 7.5

Changing status to Assigned
Comment 23 anuja 2017-12-22 01:27:12 EST
IPA-server version: ipa-server-4.5.4-7.el7.x86_64
selinux-policy: selinux-policy-3.13.1-183.el7.noarch

Noticed AVC errors during IPA-server upgrade process for following path:

Linear upgrade (70z > 71z > 72z > 73z > 74-0day > 74up1 > 74up2 > 74z > 7.5)
Comment 27 anuja 2017-12-26 07:00:40 EST
IPA-server version: ipa-server-4.5.4-7.el7.x86_64
selinux-policy: selinux-policy-3.13.1-183.el7.noarch

Noticed AVC errors during IPA-server upgrade process for ca-cert-renewal using Direct Upgrade 7.3z > 7.5
Comment 32 anuja 2018-02-02 07:05:24 EST
IPA-server version: ipa-server-4.5.4-9.el7.x86_64
selinux-policy: selinux-policy.noarch 0:3.13.1-186.el7

Noticed AVC errors during IPA-server upgrade process for following path:

Direct Upgrade: RHEL 7.3z > RHEL 7.5

console logs are added in comment # 31

Changing status to Assigned
Comment 39 errata-xmlrpc 2018-04-10 08:36:40 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0763

Note You need to log in before you can comment on or make changes to this bug.