Hide Forgot
Occurs every time a Checkpoint/DPM "creation" like action occurs. --- Seeing the following error with the following packages installed: selinux-policy-3.13.1-166.el7_4.5.noarch Sun Nov 26 03:14:59 2017 selinux-policy-targeted-3.13.1-166.el7_4.5.noarch Sun Nov 26 03:15:05 2017 BZ #1331309 does not appear to have fixed this issue. --- Dec 18 20:14:54 localhost journal: Hyper-V VSS: VSS: op=CHECK HOT BACKUP Dec 18 20:14:54 localhost journal: Hyper-V VSS: FREEZE of /nfsdata/sftpprod failed; error:13 Permission denied Dec 18 20:14:54 localhost journal: Hyper-V VSS: VSS: op=FREEZE: failed Dec 18 20:14:54 localhost journal: Hyper-V VSS: op=5 failed! Dec 18 20:14:54 localhost journal: Hyper-V VSS: report it with these files: Dec 18 20:14:54 localhost journal: Hyper-V VSS: /etc/fstab and /proc/mounts --- /etc/fstab entry /dev/sdb1 /nfsdata/sftpprod xfs defaults 0 0 /proc/mounts entry /dev/sdb1 /nfsdata/sftpprod xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0 --- # ausearch -m avc -ts recent ---- time->Tue Jan 23 18:09:26 2018 type=PROCTITLE msg=audit(1516748966.175:15729003): proctitle=2F7573722F7362696E2F68797065727676737364002D6E type=PATH msg=audit(1516748966.175:15729003): item=0 name="/nfsdata/sftpprod" objtype=UNKNOWN type=CWD msg=audit(1516748966.175:15729003): cwd="/" type=SYSCALL msg=audit(1516748966.175:15729003): arch=c000003e syscall=2 success=no exit=-13 a0=55bf9d9f525a a1=0 a2=0 a3=1e items=1 ppid=1 pid=189725 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hypervvssd" exe="/usr/sbin/hypervvssd" subj=system_u:system_r:hypervvssd_t:s0 key=(null) type=AVC msg=audit(1516748966.175:15729003): avc: denied { dac_read_search } for pid=189725 comm="hypervvssd" capability=2 scontext=system_u:system_r:hypervvssd_t:s0 tcontext=system_u:system_r:hypervvssd_t:s0 tclass=capability type=AVC msg=audit(1516748966.175:15729003): avc: denied { dac_override } for pid=189725 comm="hypervvssd" capability=1 scontext=system_u:system_r:hypervvssd_t:s0 tcontext=system_u:system_r:hypervvssd_t:s0 tclass=capability ---- time->Tue Jan 23 18:09:26 2018 type=PROCTITLE msg=audit(1516748966.175:15729004): proctitle=2F7573722F7362696E2F68797065727676737364002D6E type=PATH msg=audit(1516748966.175:15729004): item=0 name="/nfsdata/sftpprod" objtype=UNKNOWN type=CWD msg=audit(1516748966.175:15729004): cwd="/" type=SYSCALL msg=audit(1516748966.175:15729004): arch=c000003e syscall=2 success=no exit=-13 a0=55bf9d9f525a a1=0 a2=0 a3=1e items=1 ppid=1 pid=189725 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hypervvssd" exe="/usr/sbin/hypervvssd" subj=system_u:system_r:hypervvssd_t:s0 key=(null) type=AVC msg=audit(1516748966.175:15729004): avc: denied { dac_read_search } for pid=189725 comm="hypervvssd" capability=2 scontext=system_u:system_r:hypervvssd_t:s0 tcontext=system_u:system_r:hypervvssd_t:s0 tclass=capability type=AVC msg=audit(1516748966.175:15729004): avc: denied { dac_override } for pid=189725 comm="hypervvssd" capability=1 scontext=system_u:system_r:hypervvssd_t:s0 tcontext=system_u:system_r:hypervvssd_t:s0 tclass=capability
Could you run following commands and attach here the output? # ls -l /nfsdata/sftpprod # ls -dZ /nfsdata/sftpprod
The -Z output is the following, I'll have to check for the other: drwxr-xr-x. sftpprod sftpprod system_u:object_r:default_t:s0 sftpprod
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3111