Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 2015216

Summary: RHEL 8.3: ovn2.15: avc error, comm="rhsmcertd-worke"
Product: Red Hat Enterprise Linux Fast Datapath Reporter: Zhiqiang Fang <zfang>
Component: openvswitch-selinux-extra-policyAssignee: Aaron Conole <aconole>
Status: CLOSED DUPLICATE QA Contact: Jean-Tsung Hsiao <jhsiao>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: FDP 21.ICC: ctrautma, hewang, qding
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-26 02:40:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Zhiqiang Fang 2021-10-18 16:19:05 UTC 
Description of problem:

Seeing avc errors in below beaker job that is a FDP 21.I ovn2.15 test on rhel8.3 (RHEL-8.3.1-updates-20210330.1) on HPE Synergy servers.

The beaker job:
https://beaker.engineering.redhat.com/jobs/5898938

The error log:
https://beaker-archive.host.prod.eng.bos.redhat.com/beaker-logs/2021/10/58989/5898938/10808648/133358073/627740628/avc.log

Error message:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      32
selinux-policy-3.14.3-54.el8_3.3.noarch
----
time->Fri Oct 15 18:51:55 2021
type=PROCTITLE msg=audit(1634338315.723:730): proctitle=2F7573722F6C6962657865632F706C6174666F726D2D707974686F6E002F7573722F6C6962657865632F7268736D63657274642D776F726B6572
type=SYSCALL msg=audit(1634338315.723:730): arch=c000003e syscall=49 success=no exit=-13 a0=7 a1=7ffed1b57380 a2=1c a3=31 items=0 ppid=2022 pid=105709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rhsmcertd-worke" exe="/usr/libexec/platform-python3.6" subj=system_u:system_r:rhsmcertd_t:s0 key=(null)
type=AVC msg=audit(1634338315.723:730): avc:  denied  { node_bind } for  pid=105709 comm="rhsmcertd-worke" saddr=::1 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=tcp_socket permissive=0




Version-Release number of selected component (if applicable):
openvswitch2.15-2.15.0-42.el8fdp.x86_64.rpm
openvswitch-selinux-extra-policy-1.0-28.el8fdp.noarch.rpm
RHEL-8.3.1-updates-20210330.1



How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
avc errors seen.

Expected results:
No avc error.

Additional info:

Some other beaker jobs seen the error:
https://beaker.engineering.redhat.com/jobs/5898932
https://beaker.engineering.redhat.com/jobs/5910289
Comment 2 Zhiqiang Fang 2021-10-26 02:40:11 UTC 

*** This bug has been marked as a duplicate of bug 1923985 ***