2015216 – RHEL 8.3: ovn2.15: avc error, comm="rhsmcertd-worke"

The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 2015216 - RHEL 8.3: ovn2.15: avc error, comm="rhsmcertd-worke"

Summary: RHEL 8.3: ovn2.15: avc error, comm="rhsmcertd-worke"

Keywords:
Status:	CLOSED DUPLICATE of bug 1923985
Alias:	None
Product:	Red Hat Enterprise Linux Fast Datapath
Classification:	Red Hat
Component:	openvswitch-selinux-extra-policy
Sub Component:
Version:	FDP 21.I
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	Aaron Conole
QA Contact:	Jean-Tsung Hsiao
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-10-18 16:19 UTC by Zhiqiang Fang
Modified:	2021-10-26 02:40 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-26 02:40:11 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1923985	1	medium	CLOSED	[RHEL-8] avc: denied { node_bind } for pid=50272 comm="rhsmcertd-worke"	2023-05-13 07:56:13 UTC
Red Hat Issue Tracker	FD-1609	0	None	None	None	2021-10-18 18:59:36 UTC

Description Zhiqiang Fang 2021-10-18 16:19:05 UTC

Description of problem:

Seeing avc errors in below beaker job that is a FDP 21.I ovn2.15 test on rhel8.3 (RHEL-8.3.1-updates-20210330.1) on HPE Synergy servers.

The beaker job:
https://beaker.engineering.redhat.com/jobs/5898938

The error log:
https://beaker-archive.host.prod.eng.bos.redhat.com/beaker-logs/2021/10/58989/5898938/10808648/133358073/627740628/avc.log

Error message:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      32
selinux-policy-3.14.3-54.el8_3.3.noarch
----
time->Fri Oct 15 18:51:55 2021
type=PROCTITLE msg=audit(1634338315.723:730): proctitle=2F7573722F6C6962657865632F706C6174666F726D2D707974686F6E002F7573722F6C6962657865632F7268736D63657274642D776F726B6572
type=SYSCALL msg=audit(1634338315.723:730): arch=c000003e syscall=49 success=no exit=-13 a0=7 a1=7ffed1b57380 a2=1c a3=31 items=0 ppid=2022 pid=105709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rhsmcertd-worke" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
type=AVC msg=audit(1634338315.723:730): avc:  denied  { node_bind } for  pid=105709 comm="rhsmcertd-worke" saddr=::1 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=tcp_socket permissive=0




Version-Release number of selected component (if applicable):
openvswitch2.15-2.15.0-42.el8fdp.x86_64.rpm
openvswitch-selinux-extra-policy-1.0-28.el8fdp.noarch.rpm
RHEL-8.3.1-updates-20210330.1



How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
avc errors seen.

Expected results:
No avc error.

Additional info:

Some other beaker jobs seen the error:
https://beaker.engineering.redhat.com/jobs/5898932
https://beaker.engineering.redhat.com/jobs/5910289

Comment 2 Zhiqiang Fang 2021-10-26 02:40:11 UTC


*** This bug has been marked as a duplicate of bug 1923985 ***

Note You need to log in before you can comment on or make changes to this bug.