RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1882063 - allow NetworkManager_t etc_t:file unlink;
Summary: allow NetworkManager_t etc_t:file unlink;
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: selinux-policy
Version: 8.2
Hardware: Unspecified
OS: Linux
low
low
Target Milestone: rc
: 8.0
Assignee: Zdenek Pytela
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-23 17:50 UTC by Alois Mahdal
Modified: 2022-01-05 13:43 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-09-02 07:48:16 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Alois Mahdal 2020-09-23 17:50:55 UTC 
Description of problem
======================

After upgrading from RHEL-7.9 to RHEL-8.2 we find this AVC:

    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   permissive
    Mode from config file:          permissive
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Memory protection checking:     actual (secure)
    Max kernel policy version:      31
    selinux-policy-3.14.3-41.el8_2.6.noarch
    ----
    time->Tue Sep 22 12:32:49 2020
    type=AVC msg=audit(1600792369.355:26): avc:  denied  { unlink } for  pid=7441 comm="NetworkManager" name="resolv.conf" dev="dm-0" ino=67160877 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1


audit2allow says:

    allow NetworkManager_t etc_t:file unlink;


Version-Release number of selected component
============================================

selinux-policy-3.14.3-41.el8_2.6


How reproducible
================

Noticed once


Steps to Reproduce
==================

 1. Set up basic vsftpd test case like here:

     http://pkgs.devel.redhat.com/cgit/tests/vsftpd/tree/Upgrade/basic

 2. Upgrade to RHEL-8 using leapp

 3. ausearch ..


Actual results
==============

AVC


Expected results
================

no AVC


Additional info
===============

Timestamp correlates with these messages in journalctl:

      [..]
      [..]
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com ELOG[7443]: LID[50906533]::SRC[B181A85C]::Platform Firmware::Informational Event::No service action required
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com ELOG[7443]: LID[5090655b]::SRC[B182950C]::Platform Firmware::Informational Event::No service action required
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com ELOG[7443]: LID[5090655d]::SRC[B182950C]::Platform Firmware::Informational Event::No service action required
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com ELOG[7443]: LID[50906565]::SRC[B181D30E]::Platform Firmware::Informational Event::No service action required
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com ELOG[7443]: LID[509065ab]::SRC[B18126B9]::Platform Firmware::Informational Event::No service action required
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com ELOG[7443]: LID[509065b4]::SRC[B1812638]::Platform Firmware::Informational Event::No service action required
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com dbus-daemon[7434]: [system] Successfully activated service 'org.freedesktop.hostname1'
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Started Hostname Service.
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792353.9203] hostname: hostname: using hostnamed
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792353.9209] hostname: hostname changed from (none) to "ibm-p8-16.pnr.lab.eng.rdu2.redhat.com"
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792353.9219] dns-mgr[0x10003cee2b0]: init: dns=default,systemd-resolved rc-manager=symlink
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792353.9879] Loaded device plugin: NMTeamFactory (/usr/lib64/NetworkManager/1.22.8-5.el8_2/libnm-device-plugin-team.so)
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792353.9879] manager: rfkill: Wi-Fi enabled by radio killswitch; enabled by state file
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792353.9880] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792353.9882] manager: Networking is enabled by state file
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com dbus-daemon[7434]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.3' (uid=0 pid=7441 comm="/usr/sbin/NetworkManager --no-daemon " label="system_u:system_r:NetworkManager_t:s0")
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792353.9929] dhcp-init: Using DHCP client 'dhclient'
    Sep 22 12:32:33 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Starting Network Manager Script Dispatcher Service...
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792354.0004] settings: Loaded settings plugin: ifcfg-rh ("/usr/lib64/NetworkManager/1.22.8-5.el8_2/libnm-settings-plugin-ifcfg-rh.so")
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792354.0005] settings: Loaded settings plugin: keyfile (internal)
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com dbus-daemon[7434]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Started Network Manager Script Dispatcher Service.
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792354.0183] device (lo): carrier: link connected
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792354.0187] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792354.0204] manager: (enP5p1s0f0): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2)
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792354.0220] device (enP5p1s0f0): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f0: link is not ready
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: bnx2x 0044:01:00.0 enP5p1s0f0: using MSI-X  IRQs: sp 392  fp[0] 394 ... fp[7] 401
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f0: link is not ready
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792354.8083] manager: (enP5p1s0f1): new Ethernet device (/org/freedesktop/NetworkManager/Devices/3)
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792354.8096] device (enP5p1s0f1): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
    Sep 22 12:32:34 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f1: link is not ready
    Sep 22 12:32:35 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: bnx2x 0044:01:00.1 enP5p1s0f1: using MSI-X  IRQs: sp 402  fp[0] 404 ... fp[7] 411
    Sep 22 12:32:35 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792355.5767] manager: (enP5p1s0f2): new Ethernet device (/org/freedesktop/NetworkManager/Devices/4)
    Sep 22 12:32:35 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792355.5779] device (enP5p1s0f2): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
    Sep 22 12:32:35 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f1: link is not ready
    Sep 22 12:32:35 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f2: link is not ready
    Sep 22 12:32:35 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: bnx2x 0044:01:00.2 enP5p1s0f2: using MSI-X  IRQs: sp 412  fp[0] 414 ... fp[7] 421
    Sep 22 12:32:36 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f2: link is not ready
    Sep 22 12:32:36 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792356.1184] manager: (enP5p1s0f3): new Ethernet device (/org/freedesktop/NetworkManager/Devices/5)
    Sep 22 12:32:36 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792356.1197] device (enP5p1s0f3): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
    Sep 22 12:32:36 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f3: link is not ready
    Sep 22 12:32:36 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: bnx2x 0044:01:00.3 enP5p1s0f3: using MSI-X  IRQs: sp 422  fp[0] 424 ... fp[7] 431
    Sep 22 12:32:36 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792356.6464] manager: (enP6p1s0f0): new Ethernet device (/org/freedesktop/NetworkManager/Devices/6)
    Sep 22 12:32:36 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792356.6477] device (enP6p1s0f0): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
    Sep 22 12:32:36 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f3: link is not ready
    Sep 22 12:32:36 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f0: link is not ready
    Sep 22 12:32:37 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: bnx2x 0045:01:00.0 enP6p1s0f0: using MSI-X  IRQs: sp 360  fp[0] 362 ... fp[7] 369
    Sep 22 12:32:37 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792357.4786] manager: (enP6p1s0f1): new Ethernet device (/org/freedesktop/NetworkManager/Devices/7)
    Sep 22 12:32:37 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792357.4799] device (enP6p1s0f1): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
    Sep 22 12:32:37 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f0: link is not ready
    Sep 22 12:32:37 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f1: link is not ready
    Sep 22 12:32:38 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: bnx2x 0045:01:00.1 enP6p1s0f1: using MSI-X  IRQs: sp 370  fp[0] 372 ... fp[7] 379
    Sep 22 12:32:38 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792358.3066] manager: (enP6p1s0f2): new Ethernet device (/org/freedesktop/NetworkManager/Devices/8)
    Sep 22 12:32:38 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792358.3078] device (enP6p1s0f2): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
    Sep 22 12:32:38 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f1: link is not ready
    Sep 22 12:32:38 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f2: link is not ready
    Sep 22 12:32:38 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: bnx2x 0045:01:00.2 enP6p1s0f2: using MSI-X  IRQs: sp 380  fp[0] 382 ... fp[7] 389
    Sep 22 12:32:38 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792358.8485] manager: (enP6p1s0f3): new Ethernet device (/org/freedesktop/NetworkManager/Devices/9)
    Sep 22 12:32:38 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792358.8497] device (enP6p1s0f3): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
    Sep 22 12:32:38 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f2: link is not ready
    Sep 22 12:32:38 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f3: link is not ready
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: bnx2x 0045:01:00.3 enP6p1s0f3: using MSI-X  IRQs: sp 390  fp[0] 432 ... fp[7] 439
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f3: link is not ready
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792359.4011] device (enP5p1s0f0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792359.4023] device (enP5p1s0f1): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792359.4029] device (enP5p1s0f2): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792359.4036] device (enP5p1s0f3): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792359.4043] device (enP6p1s0f0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792359.4050] device (enP6p1s0f1): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792359.4057] device (enP6p1s0f2): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792359.4063] device (enP6p1s0f3): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f0: link is not ready
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f1: link is not ready
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f2: link is not ready
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP5p1s0f3: link is not ready
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f0: link is not ready
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f1: link is not ready
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f2: link is not ready
    Sep 22 12:32:39 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_UP): enP6p1s0f3: link is not ready
    Sep 22 12:32:40 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: ses 0:0:6:0: Attached Enclosure device
    Sep 22 12:32:40 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: ses 0:0:7:0: Attached Enclosure device
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792361.4807] device (enP6p1s0f2): carrier: link connected
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792361.4811] policy: auto-activating connection 'System enP6p1s0f2' (349dacc7-78ac-4b51-883d-b33c51be7732)
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792361.4818] device (enP6p1s0f2): Activation: starting connection 'System enP6p1s0f2' (349dacc7-78ac-4b51-883d-b33c51be7732)
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792361.4820] device (enP6p1s0f2): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792361.4825] manager: NetworkManager state is now CONNECTING
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792361.4828] device (enP6p1s0f2): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: bnx2x 0045:01:00.2 enP6p1s0f2: NIC Link is Up, 1000 Mbps full duplex, Flow control: ON - receive & transmit
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com kernel: IPv6: ADDRCONF(NETDEV_CHANGE): enP6p1s0f2: link becomes ready
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792361.4909] device (enP6p1s0f2): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792361.4917] dhcp4 (enP6p1s0f2): activation: beginning transaction (timeout in 45 seconds)
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792361.5501] dhcp4 (enP6p1s0f2): dhclient started with pid 8390
    Sep 22 12:32:41 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com dhclient[8390]: DHCPREQUEST on enP6p1s0f2 to 255.255.255.255 port 67 (xid=0x6c837868)
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com dhclient[8390]: DHCPREQUEST on enP6p1s0f2 to 255.255.255.255 port 67 (xid=0x6c837868)
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com dhclient[8390]: DHCPACK from 10.0.1.254 (xid=0x6c837868)
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3195] dhcp4 (enP6p1s0f2):   address 10.0.1.30
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3197] dhcp4 (enP6p1s0f2):   plen 24 (255.255.255.0)
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3198] dhcp4 (enP6p1s0f2):   gateway 10.0.1.254
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3198] dhcp4 (enP6p1s0f2):   lease time 86400
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3198] dhcp4 (enP6p1s0f2):   nameserver '10.11.5.19'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3198] dhcp4 (enP6p1s0f2):   nameserver '10.10.160.2'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3198] dhcp4 (enP6p1s0f2):   nameserver '10.5.30.160'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3198] dhcp4 (enP6p1s0f2):   domain name 'pnr.lab.eng.rdu2.redhat.com'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3199] dhcp4 (enP6p1s0f2):   NIS domain 'redhat.com'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3199] dhcp4 (enP6p1s0f2): option broadcast_address    => '10.0.1.255'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3199] dhcp4 (enP6p1s0f2): option dad_wait_time        => '0'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3199] dhcp4 (enP6p1s0f2): option dhcp_lease_time      => '86400'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3199] dhcp4 (enP6p1s0f2): option dhcp_message_type    => '5'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3199] dhcp4 (enP6p1s0f2): option dhcp_server_identifier => '10.10.160.2'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3200] dhcp4 (enP6p1s0f2): option domain_name          => 'pnr.lab.eng.rdu2.redhat.com'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3200] dhcp4 (enP6p1s0f2): option domain_name_servers  => '10.11.5.19 10.10.160.2 10.5.30.160'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3200] dhcp4 (enP6p1s0f2): option expiry               => '1600878769'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3200] dhcp4 (enP6p1s0f2): option filename             => 'pxelinux.0'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3200] dhcp4 (enP6p1s0f2): option ip_address           => '10.0.1.30'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3200] dhcp4 (enP6p1s0f2): option network_number       => '10.0.1.0'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3200] dhcp4 (enP6p1s0f2): option next_server          => '10.0.14.138'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3201] dhcp4 (enP6p1s0f2): option nis_domain           => 'redhat.com'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3201] dhcp4 (enP6p1s0f2): option ntp_servers          => '10.10.167.254 10.5.30.160 10.18.100.10 10.11.160.238 10.5.27.10 10.5.26.10 10.2.32.38 10.2.32.37 10.18.52.10'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3201] dhcp4 (enP6p1s0f2): option requested_broadcast_address => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3201] dhcp4 (enP6p1s0f2): option requested_classless_static_routes => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3201] dhcp4 (enP6p1s0f2): option requested_domain_name => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3201] dhcp4 (enP6p1s0f2): option requested_domain_name_servers => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3201] dhcp4 (enP6p1s0f2): option requested_domain_search => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3201] dhcp4 (enP6p1s0f2): option requested_host_name  => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3201] dhcp4 (enP6p1s0f2): option requested_interface_mtu => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3202] dhcp4 (enP6p1s0f2): option requested_ms_classless_static_routes => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3202] dhcp4 (enP6p1s0f2): option requested_nis_domain => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3202] dhcp4 (enP6p1s0f2): option requested_nis_servers => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3202] dhcp4 (enP6p1s0f2): option requested_ntp_servers => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3202] dhcp4 (enP6p1s0f2): option requested_rfc3442_classless_static_routes => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3202] dhcp4 (enP6p1s0f2): option requested_root_path  => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3202] dhcp4 (enP6p1s0f2): option requested_routers    => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3202] dhcp4 (enP6p1s0f2): option requested_static_routes => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3202] dhcp4 (enP6p1s0f2): option requested_subnet_mask => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3203] dhcp4 (enP6p1s0f2): option requested_time_offset => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3203] dhcp4 (enP6p1s0f2): option requested_wpad       => '1'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3203] dhcp4 (enP6p1s0f2): option routers              => '10.0.1.254'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3203] dhcp4 (enP6p1s0f2): option subnet_mask          => '255.255.255.0'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3203] dhcp4 (enP6p1s0f2): state changed unknown -> extended
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3220] device (enP6p1s0f2): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com dbus-daemon[7434]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.3' (uid=0 pid=7441 comm="/usr/sbin/NetworkManager --no-daemon " label="system_u:system_r:NetworkManager_t:s0")
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Starting Network Manager Script Dispatcher Service...
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com dbus-daemon[7434]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Started Network Manager Script Dispatcher Service.
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3398] device (enP6p1s0f2): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3402] device (enP6p1s0f2): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3409] manager: NetworkManager state is now CONNECTED_LOCAL
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com dhclient[8390]: bound to 10.0.1.30 -- renewal in 34262 seconds.
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3424] manager: NetworkManager state is now CONNECTED_SITE
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3426] policy: set 'System enP6p1s0f2' (enP6p1s0f2) as default for IPv4 routing and DNS
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3429] policy: set 'System enP6p1s0f2' (enP6p1s0f2) as default for IPv6 routing and DNS
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com dbus-daemon[7434]: [system] Activating via systemd: service name='org.freedesktop.resolve1' unit='dbus-org.freedesktop.resolve1.service' requested by ':1.3' (uid=0 pid=7441 comm="/usr/sbin/NetworkManager --no-daemon " label="system_u:system_r:NetworkManager_t:s0")
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Starting Network Name Resolution...
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3623] device (enP6p1s0f2): Activation: successful, device activated.
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3634] manager: NetworkManager state is now CONNECTED_GLOBAL
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.3646] manager: startup complete
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Started Network Manager Wait Online.
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Starting LSB: Bring up/down networking...
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com network[8416]: WARN      : [network] You are using 'network' service provided by 'network-scripts', which are now deprecated.
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com network[8467]: You are using 'network' service provided by 'network-scripts', which are now deprecated.
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com network[8416]: WARN      : [network] 'network-scripts' will be removed in one of the next major releases of RHEL.
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com network[8468]: 'network-scripts' will be removed in one of the next major releases of RHEL.
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com network[8416]: WARN      : [network] It is advised to switch to 'NetworkManager' instead for network management.
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com network[8469]: It is advised to switch to 'NetworkManager' instead for network management.
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.6253] audit: op="connections-reload" pid=8516 uid=0 result="success"
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com network[8416]: Bringing up loopback interface:  [  OK  ]
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com NetworkManager[7441]: <info>  [1600792369.8930] audit: op="connections-load" args="/etc/sysconfig/network-scripts/ifcfg-enP6p1s0f2" pid=8645 uid=0 result="success"
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com network[8416]: Bringing up interface enP6p1s0f2:  [  OK  ]
    Sep 22 12:32:49 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Started LSB: Bring up/down networking.
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd-resolved[8412]: Positive Trust Anchors:
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd-resolved[8412]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd-resolved[8412]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd-resolved[8412]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.in-addr.arpa 26.172.in-addr.arpa 27.172.in-addr.arpa 28.172.in-addr.arpa 29.172.in-addr.arpa 30.172.in-addr.arpa 31.172.in-addr.arpa 168.192.in-addr.arpa d.f.ip6.arpa corp home internal intranet lan local private test
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd-resolved[8412]: Using system hostname 'ibm-p8-16.pnr.lab.eng.rdu2.redhat.com'.
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Started Network Name Resolution.
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Reached target Network.
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com dbus-daemon[7434]: [system] Successfully activated service 'org.freedesktop.resolve1'
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd-resolved[8412]: request_name_destroy_callback n_ref=1
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Starting Vsftpd ftp daemon...
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Reached target Network is Online.
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Starting Spacewalk Server daemon...
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Starting Permit User Sessions...
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Starting Dynamic System Tuning Daemon...
    Sep 22 12:32:50 ibm-p8-16.pnr.lab.eng.rdu2.redhat.com systemd[1]: Starting Postfix Mail Transport Agent...
      [..]
      [..]

The failure incident ticket is: https://issues.redhat.com/browse/OAMG-3959
Comment 1 Zdenek Pytela 2020-09-23 18:11:34 UTC 
Alois,

Could you locate the file? If not audited, you may need to turn on full path auditing, or the find command, but in permissive mode the file likely is gone.

If it was /etc/resolv.conf, then the file would mislabeled:

  # matchpathcon /etc/resolv.conf
Deprecated, use selabel_lookup
/etc/resolv.conf        system_u:object_r:net_conf_t:s0

so this bz would not be a bug.
Comment 3 Zdenek Pytela 2020-12-16 23:25:23 UTC 
To rephrase, in case it is /etc/resolv.conf, the file is mislabeled.
Comment 4 Zdenek Pytela 2021-06-25 14:27:06 UTC 
Alois,

Have you managed to find out the resolv.conf file path, or why it had an incorrect label?
Comment 5 Alois Mahdal 2021-09-02 07:36:12 UTC 
Partly due to too much "spam" AVC's (this one is exception) we decided to disable automated AVC checking in our framework, so we're not reproducing this anymore.

Sorry I can't help now.

(Also I've transferred to another team so please reach @mkluson if you believe this is worth pursuing and need help from OAMG-QE.)
Comment 6 Zdenek Pytela 2021-09-02 07:48:16 UTC 
Given the information in #c5 and as there is not enough information to investigate on the issue, we are going to close this bug. If there is a need to pursue this matter, feel free to reopen this bug and attach the needed information.
Note You need to log in before you can comment on or make changes to this bug.