Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 488789

Summary: SELinux, avc denial when running monitoring probes
Product: Red Hat Satellite 5 Reporter: wes hayutin <whayutin>
Component: MonitoringAssignee: Jan Pazdziora (Red Hat) <jpazdziora>
Status: CLOSED DEFERRED QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: low    
Version: 530   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: na
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-05-29 20:03:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 487221    
Bug Blocks: 462714    

Description wes hayutin 2009-03-05 18:42:21 UTC 
Description of problem:


/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5679): avc:  denied  { search } for  pid=30206 comm="scheduleEvents" name="yp" dev=dm-0 ino=1504428 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:var_yp_t:s0 tclass=dir
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5680): avc:  denied  { node_bind } for  pid=30206 comm="scheduleEvents" scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5681): avc:  denied  { name_bind } for  pid=30206 comm="scheduleEvents" src=702 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5682): avc:  denied  { name_connect } for  pid=30206 comm="scheduleEvents" dest=111 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5683): avc:  denied  { node_bind } for  pid=30206 comm="scheduleEvents" scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5684): avc:  denied  { name_bind } for  pid=30206 comm="scheduleEvents" src=703 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.405:5685): avc:  denied  { name_connect } for  pid=30206 comm="scheduleEvents" dest=111 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5686): avc:  denied  { search } for  pid=30206 comm="scheduleEvents" name="yp" dev=dm-0 ino=1504428 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:var_yp_t:s0 tclass=dir
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5687): avc:  denied  { node_bind } for  pid=30206 comm="scheduleEvents" scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5688): avc:  denied  { name_bind } for  pid=30206 comm="scheduleEvents" src=704 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5689): avc:  denied  { name_connect } for  pid=30206 comm="scheduleEvents" dest=111 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5690): avc:  denied  { node_bind } for  pid=30206 comm="scheduleEvents" scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:inaddr_any_node_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5691): avc:  denied  { name_bind } for  pid=30206 comm="scheduleEvents" src=705 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:agentx_port_t:s0 tclass=tcp_socket
/var/log/audit/audit.log:type=AVC msg=audit(1236274887.629:5692): avc:  denied  { name_connect } for  pid=30206 comm="scheduleEvents" dest=111 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket

[root@grandprix audit]# ps -ef | grep 30206
root     14359 14611  0 13:39 pts/0    00:00:00 grep 30206
[root@grandprix audit]# 



recreate..
run monitoring automation, check audit.log

manual..
probes listed here..

Probe(s) assigned to system have an UNKNOWN status    Apache: Processes   
Cannot find Max Child and Slot MB metrics at URL
http://10.10.76.146%20%20%20%20:80/server-status   Suite
Probe(s) assigned to system have an UNKNOWN status  Linux: Load  The RHN
Monitoring Daemon (RHNMD) is not responding: Internal problem executing 

Unix::Load: open3: exec of /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s failed. Please make sure the daemon is
running and the host is accessible from the monitoring scout. Command was:
/usr/bin/ssh -l nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s Suite
Probe(s) assigned to system have an UNKNOWN status 

 Linux: Memory Usage  The RHN Monitoring Daemon (RHNMD) is not responding:
Internal problem executing Unix::MemoryFree: open3: exec of /usr/bin/ssh -l
nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s failed.
Please make sure the daemon is running and the host is accessible from the
monitoring scout. Command was: /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s  Suite
Probe(s) assigned to system have an UNKNOWN status 

 Linux: Virtual Memory  The RHN Monitoring Daemon (RHNMD) is not responding:
Internal problem executing Unix::VirtualMemory: open3: exec of /usr/bin/ssh -l
nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s failed.
Please make sure the daemon is running and the host is accessible from the
monitoring scout. Command was: /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s  Suite
Probe(s) assigned to system have an UNKNOWN status 

 Network Services: Ping
Comment 1 Jan Pazdziora (Red Hat) 2009-04-09 14:40:00 UTC 
The AVC denial messages seem NIS-related, so very similar to bug 487221. Moving to ON_QA as spacewalk-monitoring-selinux-0.5.6-1 which added the nis_use_ypbind_uncond is available in Satellite-5.3.0-RHEL5-re20090327.0 compose.
Comment 2 wes hayutin 2009-04-15 20:48:54 UTC 
verified
Comment 3 Milan Zázrivec 2009-09-09 13:18:56 UTC 
This one needs to be retested after bug #487221 is fixed.
Comment 4 Brandon Perkins 2009-09-09 14:10:39 UTC 
Reopening and punting to sat600-triage for re-evaluation.