Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1695444

Summary: AVC denials seen in quickinstall job for ipa-server installation
Product: Red Hat Enterprise Linux 7 Reporter: Nikhil Dehadrai <ndehadra>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED DUPLICATE QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.7CC: lvrabec, mmalik, plautrba, ssekidde, vmojzis, zpytela
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-03 07:01:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nikhil Dehadrai 2019-04-03 06:30:51 UTC 
Description of problem:
AVC denials seen in quickinstall job for ipa-server installation

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-242.el7.noarch

How reproducible:
Always

Steps to Reproduce:
1. Run Quickinstall job for IPA-server installation


Actual results:
Info: Searching AVC errors produced since 1554195565.38 (Tue Apr  2 04:59:25 2019)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 04/02/2019 04:59:25 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.hz8Vqz 2>&1'
----
time->Tue Apr  2 05:00:38 2019
type=USER_AVC msg=audit(1554195638.224:274): pid=692 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  received policyload notice (seqno=2)  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
----
time->Tue Apr  2 05:00:39 2019
type=USER_AVC msg=audit(1554195639.374:276): pid=692 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  received policyload notice (seqno=3)  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
----
time->Tue Apr  2 05:00:39 2019
type=USER_AVC msg=audit(1554195639.488:277): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=2)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Apr  2 05:00:39 2019
type=USER_AVC msg=audit(1554195639.488:278): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=3)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Apr  2 05:04:00 2019
type=PROCTITLE msg=audit(1554195840.845:433): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D636166696C65002F7661722F6C69622F6970612F746D706632325F4630002D2D65652D75726C00687474703A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383038302F63612F65
type=PATH msg=audit(1554195840.845:433): item=0 name="/etc/pki/nssdb/cert9.db" inode=67615560 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195840.845:433):  cwd="/"
type=SYSCALL msg=audit(1554195840.845:433): arch=c000003e syscall=137 success=no exit=-13 a0=5651a59a2758 a1=7ffd66f797f0 a2=0 a3=7f74e74457b8 items=1 ppid=18713 pid=18989 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195840.845:433): avc:  denied  { getattr } for  pid=18989 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:04:00 2019
type=PROCTITLE msg=audit(1554195840.926:434): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D636166696C65002F7661722F6C69622F6970612F746D706632325F4630002D2D65652D75726C00687474703A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383038302F63612F65
type=PATH msg=audit(1554195840.926:434): item=0 name="/etc/pki/nssdb/key4.db" inode=67615562 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195840.926:434):  cwd="/"
type=SYSCALL msg=audit(1554195840.926:434): arch=c000003e syscall=137 success=no exit=-13 a0=5651a5982f38 a1=7ffd66f797f0 a2=0 a3=0 items=1 ppid=18713 pid=18989 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195840.926:434): avc:  denied  { getattr } for  pid=18989 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:05:18 2019
type=PROCTITLE msg=audit(1554195918.202:440): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195918.202:440): item=0 name="/etc/pki/nssdb/cert9.db" inode=67615560 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195918.202:440):  cwd="/"
type=SYSCALL msg=audit(1554195918.202:440): arch=c000003e syscall=137 success=no exit=-13 a0=55a91462bc38 a1=7ffd07cf4fd0 a2=0 a3=7f22191d37b8 items=1 ppid=18713 pid=20275 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195918.202:440): avc:  denied  { getattr } for  pid=20275 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:05:18 2019
type=PROCTITLE msg=audit(1554195918.203:441): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195918.203:441): item=0 name="/etc/pki/nssdb/key4.db" inode=67615562 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195918.203:441):  cwd="/"
type=SYSCALL msg=audit(1554195918.203:441): arch=c000003e syscall=137 success=no exit=-13 a0=55a91464b668 a1=7ffd07cf4fd0 a2=0 a3=0 items=1 ppid=18713 pid=20275 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195918.203:441): avc:  denied  { getattr } for  pid=20275 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:05:18 2019
type=PROCTITLE msg=audit(1554195918.631:442): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195918.631:442): item=0 name="/etc/pki/nssdb/cert9.db" inode=67615560 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195918.631:442):  cwd="/"
type=SYSCALL msg=audit(1554195918.631:442): arch=c000003e syscall=137 success=no exit=-13 a0=5561edb196e8 a1=7ffd9b67a530 a2=0 a3=7fa3359967b8 items=1 ppid=18713 pid=20295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195918.631:442): avc:  denied  { getattr } for  pid=20295 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:05:18 2019
type=PROCTITLE msg=audit(1554195918.631:443): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195918.631:443): item=0 name="/etc/pki/nssdb/key4.db" inode=67615562 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195918.631:443):  cwd="/"
type=SYSCALL msg=audit(1554195918.631:443): arch=c000003e syscall=137 success=no exit=-13 a0=5561edb3e158 a1=7ffd9b67a530 a2=0 a3=0 items=1 ppid=18713 pid=20295 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195918.631:443): avc:  denied  { getattr } for  pid=20295 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:05:58 2019
type=PROCTITLE msg=audit(1554195958.174:458): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195958.174:458): item=0 name="/etc/pki/nssdb/cert9.db" inode=67615560 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195958.174:458):  cwd="/"
type=SYSCALL msg=audit(1554195958.174:458): arch=c000003e syscall=137 success=no exit=-13 a0=5622e52ddc38 a1=7ffd94405ec0 a2=0 a3=7f32d6c427b8 items=1 ppid=18713 pid=21137 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195958.174:458): avc:  denied  { getattr } for  pid=21137 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:05:58 2019
type=PROCTITLE msg=audit(1554195958.174:459): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195958.174:459): item=0 name="/etc/pki/nssdb/key4.db" inode=67615562 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195958.174:459):  cwd="/"
type=SYSCALL msg=audit(1554195958.174:459): arch=c000003e syscall=137 success=no exit=-13 a0=5622e52fd668 a1=7ffd94405ec0 a2=0 a3=0 items=1 ppid=18713 pid=21137 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195958.174:459): avc:  denied  { getattr } for  pid=21137 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:05:58 2019
type=PROCTITLE msg=audit(1554195958.645:460): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195958.645:460): item=0 name="/etc/pki/nssdb/cert9.db" inode=67615560 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195958.645:460):  cwd="/"
type=SYSCALL msg=audit(1554195958.645:460): arch=c000003e syscall=137 success=no exit=-13 a0=55add6b596e8 a1=7ffe6b02aba0 a2=0 a3=7f300aa2f7b8 items=1 ppid=18713 pid=21161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195958.645:460): avc:  denied  { getattr } for  pid=21161 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:05:58 2019
type=PROCTITLE msg=audit(1554195958.646:461): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195958.646:461): item=0 name="/etc/pki/nssdb/key4.db" inode=67615562 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195958.646:461):  cwd="/"
type=SYSCALL msg=audit(1554195958.646:461): arch=c000003e syscall=137 success=no exit=-13 a0=55add6b7e0a8 a1=7ffe6b02aba0 a2=0 a3=0 items=1 ppid=18713 pid=21161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195958.646:461): avc:  denied  { getattr } for  pid=21161 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:06:06 2019
type=USER_AVC msg=audit(1554195966.777:463): pid=692 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  received policyload notice (seqno=4)  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
----
time->Tue Apr  2 05:06:07 2019
type=USER_AVC msg=audit(1554195967.923:464): pid=692 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  received policyload notice (seqno=5)  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
----
time->Tue Apr  2 05:06:08 2019
type=USER_AVC msg=audit(1554195968.036:466): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=4)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Apr  2 05:06:08 2019
type=USER_AVC msg=audit(1554195968.036:467): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=5)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Tue Apr  2 05:06:11 2019
type=PROCTITLE msg=audit(1554195971.650:470): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195971.650:470): item=0 name="/etc/pki/nssdb/cert9.db" inode=67615560 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195971.650:470):  cwd="/"
type=SYSCALL msg=audit(1554195971.650:470): arch=c000003e syscall=137 success=no exit=-13 a0=55640a2bb068 a1=7ffce882cb40 a2=0 a3=7f58797557b8 items=1 ppid=18713 pid=21434 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195971.650:470): avc:  denied  { getattr } for  pid=21434 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:06:11 2019
type=PROCTITLE msg=audit(1554195971.650:471): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195971.650:471): item=0 name="/etc/pki/nssdb/key4.db" inode=67615562 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195971.650:471):  cwd="/"
type=SYSCALL msg=audit(1554195971.650:471): arch=c000003e syscall=137 success=no exit=-13 a0=55640a2da678 a1=7ffce882cb40 a2=0 a3=0 items=1 ppid=18713 pid=21434 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195971.650:471): avc:  denied  { getattr } for  pid=21434 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:06:13 2019
type=PROCTITLE msg=audit(1554195973.170:472): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195973.170:472): item=0 name="/etc/pki/nssdb/cert9.db" inode=67615560 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195973.170:472):  cwd="/"
type=SYSCALL msg=audit(1554195973.170:472): arch=c000003e syscall=137 success=no exit=-13 a0=563dd21dd4a8 a1=7ffc83c19750 a2=0 a3=7f835c6717b8 items=1 ppid=18713 pid=21463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195973.170:472): avc:  denied  { getattr } for  pid=21463 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
----
time->Tue Apr  2 05:06:13 2019
type=PROCTITLE msg=audit(1554195973.171:473): proctitle=2F7573722F6C6962657865632F636572746D6F6E6765722F646F677461672D7375626D6974002D2D65652D75726C0068747470733A2F2F6175746F2D68762D30312D677565737430362E7465737472656C6D2E746573743A383434332F63612F65652F6361002D2D6365727466696C65002F7661722F6C69622F6970612F7261
type=PATH msg=audit(1554195973.171:473): item=0 name="/etc/pki/nssdb/key4.db" inode=67615562 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:cert_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1554195973.171:473):  cwd="/"
type=SYSCALL msg=audit(1554195973.171:473): arch=c000003e syscall=137 success=no exit=-13 a0=563dd21dd4d8 a1=7ffc83c19750 a2=0 a3=0 items=1 ppid=18713 pid=21463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dogtag-submit" exe="/usr/libexec/certmonger/dogtag-submit" subj=system_u:system_r:certmonger_t:s0 key=(null)
type=AVC msg=audit(1554195973.171:473): avc:  denied  { getattr } for  pid=21463 comm="dogtag-submit" name="/" dev="dm-0" ino=64 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem permissive=0
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result.hz8Vqz | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
Running 'cat %s | /sbin/ausearch -m USER_AVC >/mnt/testarea/tmp.rhts-db-submit-result.xd6RQu 2>&1'
Info: No AVC messages found.
/bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log
No AVC messages found in dmesg
Running '/usr/sbin/sestatus'
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31
Running 'rpm -q selinux-policy || true'
selinux-policy-3.13.1-242.el7.noarch

Expected results:
AVC denials should not be observed
Comment 3 Milos Malik 2019-04-03 06:53:38 UTC 
I believe this bug is a duplicate of BZ#1692564.
Comment 4 Zdenek Pytela 2019-04-03 07:01:37 UTC 

*** This bug has been marked as a duplicate of bug 1692564 ***