Bug 488792 - SELinux, avc denial when running monitoring probes TSDBLocalQueue
SELinux, avc denial when running monitoring probes TSDBLocalQueue
Status: CLOSED DEFERRED
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Monitoring (Show other bugs)
530
All Linux
low Severity medium
: ---
: ---
Assigned To: Jan Pazdziora
Red Hat Satellite QA List
na
:
Depends On: 487221
Blocks: 462714
  Show dependency treegraph
 
Reported: 2009-03-05 14:05 EST by wes hayutin
Modified: 2015-05-29 16:02 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-05-29 16:02:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description wes hayutin 2009-03-05 14:05:48 EST
Description of problem:


type=AVC msg=audit(1236279772.595:2924033): avc:  denied  { getattr } for  pid=22305 comm="TSDBLocalQueue." path="/var/log/nocpulse/TSDBLocalQueue/queue/1236279419.20774" dev=dm-0 ino=4063770 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1236279772.595:2924033): arch=40000003 syscall=195 success=no exit=-13 a0=a237cb8 a1=9fb50c8 a2=c20ff4 a3=a237cb8 items=0 ppid=22304 pid=22305 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=596 comm="TSDBLocalQueue." exe="/usr/bin/perl" subj=root:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1236279772.595:2924034): avc:  denied  { getattr } for  pid=22305 comm="TSDBLocalQueue." path="/var/log/nocpulse/TSDBLocalQueue/queue/1236279419.20774" dev=dm-0 ino=4063770 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1236279772.595:2924034): arch=40000003 syscall=196 success=no exit=-13 a0=a76c490 a1=9fb50c8 a2=c20ff4 a3=a7fbbec items=0 ppid=22304 pid=22305 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=596 comm="TSDBLocalQueue." exe="/usr/bin/perl" subj=root:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1236279772.595:2924035): avc:  denied  { getattr } for  pid=22305 comm="TSDBLocalQueue." path="/var/log/nocpulse/TSDBLocalQueue/queue/1236278896.20352" dev=dm-0 ino=4061684 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1236279772.595:2924035): arch=40000003 syscall=195 success=no exit=-13 a0=a237cb8 a1=9fb50c8 a2=c20ff4 a3=a237cb8 items=0 ppid=22304 pid=22305 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=596 comm="TSDBLocalQueue." exe="/usr/bin/perl" subj=root:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1236279772.595:2924036): avc:  denied  { getattr } for  pid=22305 comm="TSDBLocalQueue." path="/var/log/nocpulse/TSDBLocalQueue/queue/1236278896.20352" dev=dm-0 ino=4061684 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1236279772.595:2924036): arch=40000003 syscall=196 success=no exit=-13 a0=a94e720 a1=9fb50c8 a2=c20ff4 a3=a7fbbec items=0 ppid=22304 pid=22305 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=596 comm="TSDBLocalQueue." exe="/usr/bin/perl" subj=root:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1236279772.599:2924037): avc:  denied  { getattr } for  pid=22305 comm="TSDBLocalQueue." path="/var/log/nocpulse/TSDBLocalQueue/queue/1236278436.19491" dev=dm-0 ino=4059468 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1236279772.599:2924037): arch=40000003 syscall=195 success=no exit=-13 a0=a237cb8 a1=9fb50c8 a2=c20ff4 a3=a237cb8 items=0 ppid=22304 pid=22305 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=596 comm="TSDBLocalQueue." exe="/usr/bin/perl" subj=root:system_r:spacewalk_monitoring_t:s0 key=(null)



recreate..
run monitoring automation, check audit.log

manual..
probes listed here..

Probe(s) assigned to system have an UNKNOWN status    Apache: Processes   
Cannot find Max Child and Slot MB metrics at URL
http://10.10.76.146%20%20%20%20:80/server-status   Suite
Probe(s) assigned to system have an UNKNOWN status  Linux: Load  The RHN
Monitoring Daemon (RHNMD) is not responding: Internal problem executing 

Unix::Load: open3: exec of /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s failed. Please make sure the daemon is
running and the host is accessible from the monitoring scout. Command was:
/usr/bin/ssh -l nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s Suite
Probe(s) assigned to system have an UNKNOWN status 

 Linux: Memory Usage  The RHN Monitoring Daemon (RHNMD) is not responding:
Internal problem executing Unix::MemoryFree: open3: exec of /usr/bin/ssh -l
nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s failed.
Please make sure the daemon is running and the host is accessible from the
monitoring scout. Command was: /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s  Suite
Probe(s) assigned to system have an UNKNOWN status 

 Linux: Virtual Memory  The RHN Monitoring Daemon (RHNMD) is not responding:
Internal problem executing Unix::VirtualMemory: open3: exec of /usr/bin/ssh -l
nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s failed.
Please make sure the daemon is running and the host is accessible from the
monitoring scout. Command was: /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s  Suite
Probe(s) assigned to system have an UNKNOWN status 

 Network Services: Ping
Comment 1 Jan Pazdziora 2009-04-09 10:30:21 EDT
Addressed in Spacewalk master by commit 7e58c848a4e2cba276250b24d6f8639413359aee and subsequent commits.

Tagged as spacewalk-monitoring-selinux-0.6.2-1.
Comment 2 Jan Pazdziora 2009-04-15 03:30:01 EDT
Also available in spacewalk-monitoring-selinux-0.5.6-4. As spacewalk-monitoring-selinux-0.5.6-5.el5sat.noarch.rpm is now available on Satellite-5.3.0-RHEL5-re20090414.0, moving ON_QA.
Comment 3 wes hayutin 2009-04-23 14:54:05 EDT
verified 4/20 build
Comment 4 Milan Zazrivec 2009-09-09 09:20:04 EDT
This one needs to be retested after bug #487221 is fixed.
Comment 5 Brandon Perkins 2009-09-09 10:11:24 EDT
Reopening and punting to sat600-triage for re-evaluation.

Note You need to log in before you can comment on or make changes to this bug.