Red Hat Bugzilla – Bug 1478873
[ganesha] AVC denied messages- name_connect is observed in audit.log
Last modified: 2017-09-28 13:09:28 EDT
Description of problem: ======================= While setting up ganesha cluster along with geo-replicarion, AVC's denied messages (name_connect) have been observed in audit.log Version-Release number of selected component (if applicable): ================================================================ glusterfs-geo-replication-3.8.4-38.el7rhgs.x86_64 [root@dhcp37-218 ~]# rpm -qa | grep ganesha glusterfs-ganesha-3.8.4-38.el7rhgs.x86_64 nfs-ganesha-2.4.4-16.el7rhgs.x86_64 nfs-ganesha-gluster-2.4.4-16.el7rhgs.x86_64 [root@dhcp37-218 ~]# selinux-policy-3.13.1-166.el7.noarch How reproducible: ============= Reporting first instance Steps to Reproduce: ================ 1.Create a master cluster and slave cluster (4 nodes) 2. Set up ganesha volume on master and slave using gdeploy 3. Create and start a geo-replication session 4. Mount the master and slave volume via nfs vers 4.0 5. Ran IO's on the master mount using the crefi tool with the fops (create,chmod,chown,chgrp,hardlink,symlink,rename,truncate) 6. Did an rm -rf on the master mount 7. Ran the following : for i in {1..50}; do dd if=/dev/zero of=dd.$i bs=1M count=1 ; sleep 1 ; done No functionality impact is seen. Actual results: ================ [root@dhcp37-43 ~]# grep -r "avc" /var/log/audit/audit.log | grep name_connect type=AVC msg=audit(1502084441.519:128): avc: denied { name_connect } for pid=1920 comm="ganesha.nfsd" dest=111 scontext=system_u:system_r:ganesha_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket Expected results: ================= No AVC's denied messages should be observed in audit.log