Bug 1889751 - Bug 1837461 - avc: denied { search } for comm="rhsmd" dev="proc" issue continues after fix has been applied
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
Version: 7.9
Hardware: Unspecified
OS: Linux
medium
high
Target Milestone: rc
: ---
Assignee: Zdenek Pytela
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-10-20 14:06 UTC by alsanche
Modified: 2020-12-01 13:12 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-12-01 13:12:15 UTC
Target Upstream Version:



Description alsanche 2020-10-20 14:06:02 UTC
Description of problem:

The customer applied the below fixes: 

 ~~~
 selinux-policy-3.13.1-268.el7.noarch                        Wed Oct  7 17:29:40 2020
 selinux-policy-targeted-3.13.1-268.el7.noarch               Wed Oct  7 17:29:56 2020
 ~~~

as advised in Bug 1837461, but the issue persists. As per the same bug, I am opening a new bug.

Version-Release number of selected component (if applicable):


How reproducible:

I had the customer run the below commands:

~~~
[root@oasostats ~]# semodule -Rv
[root@oasostats ~]# systemctl  restart rhsmcertd
[root@oasostats ~]# date
Thu Oct 15 13:05:10 CDT 2020
#[root@oasostats ~]# systemctl status rhsmcertd
* rhsmcertd.service - Enable periodic update of entitlement certificates.
   Loaded: loaded (/usr/lib/systemd/system/rhsmcertd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-10-15 13:05:04 CDT; 3min 41s ago
  Process: 18258 ExecStart=/usr/bin/rhsmcertd (code=exited, status=0/SUCCESS)
 Main PID: 18266 (rhsmcertd)
    Tasks: 1
   Memory: 172.0K
   CGroup: /system.slice/rhsmcertd.service
           `-18266 /usr/bin/rhsmcertd

Oct 15 13:05:04 oasostats.banxico.org.mx systemd[1]: Starting Enable periodic update of entitlement certificates....
Oct 15 13:05:04 oasostats.banxico.org.mx systemd[1]: Started Enable periodic update of entitlement certificates..
~~~

Steps to Reproduce:
1. 
2.
3.

Actual results:

After a few days the below messages keep coming up in the logs: 

----
Oct 16 04:35:38 oasostats com.redhat.SubscriptionManager: Traceback (most recent call last):
Oct 16 04:35:38 oasostats com.redhat.SubscriptionManager: File "/usr/lib64/python2.7/site-packages/subscription_manager/scripts/rhsm_d.py", line 189, in timeout_cb
Oct 16 04:35:38 oasostats com.redhat.SubscriptionManager: if is_rhsm_icon_running():
Oct 16 04:35:38 oasostats com.redhat.SubscriptionManager: File "/usr/lib64/python2.7/site-packages/subscription_manager/scripts/rhsm_d.py", line 229, in is_rhsm_icon_running
Oct 16 04:35:38 oasostats com.redhat.SubscriptionManager: ret = is_process_running('rhsm-icon')
Oct 16 04:35:38 oasostats com.redhat.SubscriptionManager: File "/usr/lib64/python2.7/site-packages/subscription_manager/utils.py", line 643, in is_process_running
Oct 16 04:35:38 oasostats com.redhat.SubscriptionManager: for process_name in get_process_names():
Oct 16 04:35:38 oasostats com.redhat.SubscriptionManager: File "/usr/lib64/python2.7/site-packages/subscription_manager/utils.py", line 632, in get_process_names
Oct 16 04:35:38 oasostats com.redhat.SubscriptionManager: with open(process_status_file_path) as status:
Oct 16 04:35:38 oasostats com.redhat.SubscriptionManager: IOError: [Errno 2] No such file or directory: '/proc/19375/status'
----

Expected results:

For the above to not come up in the logs

Additional info:

Comment 4 Zdenek Pytela 2020-12-01 13:12:15 UTC
Red Hat Enterprise Linux 7.9 was the last minor release scheduled for RHEL 7, and the product entered Maintenance Support 2 Phase, when Red Hat-defined Critical and Important impact Security Advisories and selected Urgent Priority Bug Fix Advisories may be released as they become available.

This bugzilla does not seem to meet the inclusion criteria for Maintenance Phase 2, therefore it is closing now, but if you believe that it qualifies for the Maintenance Support 2 Phase, please re-open; otherwise, we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.

Please refer to the Red Hat Enterprise Linux Life Cycle document for more details:
https://access.redhat.com/support/policy/updates/errata#Maintenance_Support_2_Phase
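
The traceback in the description ends in `IOError: [Errno 2]` when `get_process_names()` opens `/proc/19375/status`. The following is an added example, not subscription-manager's code: a `/proc` scan that tolerates an entry vanishing or being unreadable between the directory listing and the `open()`. It assumes the ENOENT comes from the process exiting in that window; the `proc_root` parameter, the `skipped` return value and the constructed directory tree are illustrative.

```python
import errno
import os
import tempfile

# Errors that mean "this PID cannot be inspected right now", not "the scan is broken".
# ENOENT/ESRCH: the process exited after listdir(); EACCES/EPERM: access was denied.
TOLERATED = (errno.ENOENT, errno.ESRCH, errno.EACCES, errno.EPERM)

def get_process_names(proc_root="/proc"):
    """Return (names, skipped): names read from <pid>/status, and a dict of
    PIDs that were skipped mapped to the symbolic errno that caused the skip."""
    names, skipped = [], {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():          # ignore /proc/self, /proc/sys, ...
            continue
        path = os.path.join(proc_root, entry, "status")
        try:
            with open(path) as status:
                for line in status:
                    if line.startswith("Name:"):
                        names.append(line.split(":", 1)[1].strip())
                        break
        except (IOError, OSError) as exc:
            if exc.errno in TOLERATED:
                skipped[int(entry)] = errno.errorcode[exc.errno]
                continue
            raise                        # anything else is a real failure
    return names, skipped

def is_process_running(name, proc_root="/proc"):
    return name in get_process_names(proc_root)[0]

def build_constructed_proc():
    """Constructed sample tree: two live PIDs, one PID whose status file is
    already gone (the case in the traceback), and one non-numeric entry."""
    root = tempfile.mkdtemp()
    for pid, name in (("18266", "rhsmcertd"), ("18300", "rhsm-icon")):
        os.makedirs(os.path.join(root, pid))
        with open(os.path.join(root, pid, "status"), "w") as f:
            f.write("Name:\t%s\nState:\tS (sleeping)\n" % name)
    os.makedirs(os.path.join(root, "19375"))   # listed, but no status file
    os.makedirs(os.path.join(root, "self"))
    return root

if __name__ == "__main__":
    names, skipped = get_process_names(build_constructed_proc())
    print(sorted(names), skipped)
```

Recording the skipped PIDs with their errno keeps a policy denial (EACCES) distinguishable from an ordinary exit race (ENOENT) when reviewing logs.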

