488789 – SELinux, avc denial when running monitoring probes

Bug 488789 - SELinux, avc denial when running monitoring probes

Summary: SELinux, avc denial when running monitoring probes

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	Red Hat Satellite 5
Classification:	Red Hat
Component:	Monitoring
Sub Component:
Version:	530
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Jan Pazdziora
QA Contact:	Red Hat Satellite QA List
Docs Contact:
URL:	na
Whiteboard:
Depends On:	487221
Blocks:	462714
TreeView+	depends on / blocked

Reported:	2009-03-05 18:42 UTC by wes hayutin
Modified:	2015-05-29 20:03 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-05-29 20:03:06 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description wes hayutin 2009-03-05 18:42:21 UTC

Description of problem:


/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5679): avc:  denied  { search } for  pid=30206 comm="scheduleEvents" name="yp" dev=dm-0 ino=1504428 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:var_yp_t:s0 tclass=dir
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5680): avc:  denied  { node_bind } for  pid=30206 comm="scheduleEvents" scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5681): avc:  denied  { name_bind } for  pid=30206 comm="scheduleEvents" src=702 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5682): avc:  denied  { name_connect } for  pid=30206 comm="scheduleEvents" dest=111 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5683): avc:  denied  { node_bind } for  pid=30206 comm="scheduleEvents" scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5684): avc:  denied  { name_bind } for  pid=30206 comm="scheduleEvents" src=703 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5685): avc:  denied  { name_connect } for  pid=30206 comm="scheduleEvents" dest=111 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5686): avc:  denied  { search } for  pid=30206 comm="scheduleEvents" name="yp" dev=dm-0 ino=1504428 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:var_yp_t:s0 tclass=dir
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5687): avc:  denied  { node_bind } for  pid=30206 comm="scheduleEvents" scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5688): avc:  denied  { name_bind } for  pid=30206 comm="scheduleEvents" src=704 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5689): avc:  denied  { name_connect } for  pid=30206 comm="scheduleEvents" dest=111 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5690): avc:  denied  { node_bind } for  pid=30206 comm="scheduleEvents" scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5691): avc:  denied  { name_bind } for  pid=30206 comm="scheduleEvents" src=705 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:agentx_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5692): avc:  denied  { name_connect } for  pid=30206 comm="scheduleEvents" dest=111 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket

[root@grandprix audit]# ps -ef | grep 30206
root     14359 14611  0 13:39 pts/0    00:00:00 grep 30206
[root@grandprix audit]# 



recreate..
run monitoring automation, check audit.log

manual..
probes listed here..

Probe(s) assigned to system have an UNKNOWN status    Apache: Processes   
Cannot find Max Child and Slot MB metrics at URL
http://10.10.76.146%20%20%20%20:80/server-status   Suite
Probe(s) assigned to system have an UNKNOWN status  Linux: Load  The RHN
Monitoring Daemon (RHNMD) is not responding: Internal problem executing 

Unix::Load: open3: exec of /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s failed. Please make sure the daemon is
running and the host is accessible from the monitoring scout. Command was:
/usr/bin/ssh -l nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s Suite
Probe(s) assigned to system have an UNKNOWN status 

 Linux: Memory Usage  The RHN Monitoring Daemon (RHNMD) is not responding:
Internal problem executing Unix::MemoryFree: open3: exec of /usr/bin/ssh -l
nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s failed.
Please make sure the daemon is running and the host is accessible from the
monitoring scout. Command was: /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s  Suite
Probe(s) assigned to system have an UNKNOWN status 

 Linux: Virtual Memory  The RHN Monitoring Daemon (RHNMD) is not responding:
Internal problem executing Unix::VirtualMemory: open3: exec of /usr/bin/ssh -l
nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s failed.
Please make sure the daemon is running and the host is accessible from the
monitoring scout. Command was: /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s  Suite
Probe(s) assigned to system have an UNKNOWN status 

 Network Services: Ping

Comment 1 Jan Pazdziora 2009-04-09 14:40:00 UTC

The AVC denial messages seem NIS-related, so very similar to bug 487221. Moving to ON_QA as spacewalk-monitoring-selinux-0.5.6-1 which added the nis_use_ypbind_uncond is available in Satellite-5.3.0-RHEL5-re20090327.0 compose.

Comment 2 wes hayutin 2009-04-15 20:48:54 UTC

verified

Comment 3 Milan Zázrivec 2009-09-09 13:18:56 UTC

This one needs to be retested after bug #487221 is fixed.

Comment 4 Brandon Perkins 2009-09-09 14:10:39 UTC

Reopening and punting to sat600-triage for re-evaluation.

Note You need to log in before you can comment on or make changes to this bug.