Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 488792

Summary: SELinux, avc denial when running monitoring probes TSDBLocalQueue
Product: Red Hat Satellite 5 Reporter: wes hayutin <whayutin>
Component: MonitoringAssignee: Jan Pazdziora (Red Hat) <jpazdziora>
Status: CLOSED DEFERRED QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: low    
Version: 530CC: mzazrivec
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: na
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-05-29 20:02:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 487221    
Bug Blocks: 462714    

Description wes hayutin 2009-03-05 19:05:48 UTC 
Description of problem:


type=AVC msg=audit(1236279772.595:2924033): avc:  denied  { getattr } for  pid=22305 comm="TSDBLocalQueue." path="/var/log/nocpulse/TSDBLocalQueue/queue/1236279419.20774" dev=dm-0 ino=4063770 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1236279772.595:2924033): arch=40000003 syscall=195 success=no exit=-13 a0=a237cb8 a1=9fb50c8 a2=c20ff4 a3=a237cb8 items=0 ppid=22304 pid=22305 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=596 comm="TSDBLocalQueue." exe="/usr/bin/perl" subj=root:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1236279772.595:2924034): avc:  denied  { getattr } for  pid=22305 comm="TSDBLocalQueue." path="/var/log/nocpulse/TSDBLocalQueue/queue/1236279419.20774" dev=dm-0 ino=4063770 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1236279772.595:2924034): arch=40000003 syscall=196 success=no exit=-13 a0=a76c490 a1=9fb50c8 a2=c20ff4 a3=a7fbbec items=0 ppid=22304 pid=22305 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=596 comm="TSDBLocalQueue." exe="/usr/bin/perl" subj=root:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1236279772.595:2924035): avc:  denied  { getattr } for  pid=22305 comm="TSDBLocalQueue." path="/var/log/nocpulse/TSDBLocalQueue/queue/1236278896.20352" dev=dm-0 ino=4061684 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1236279772.595:2924035): arch=40000003 syscall=195 success=no exit=-13 a0=a237cb8 a1=9fb50c8 a2=c20ff4 a3=a237cb8 items=0 ppid=22304 pid=22305 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=596 comm="TSDBLocalQueue." exe="/usr/bin/perl" subj=root:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1236279772.595:2924036): avc:  denied  { getattr } for  pid=22305 comm="TSDBLocalQueue." path="/var/log/nocpulse/TSDBLocalQueue/queue/1236278896.20352" dev=dm-0 ino=4061684 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1236279772.595:2924036): arch=40000003 syscall=196 success=no exit=-13 a0=a94e720 a1=9fb50c8 a2=c20ff4 a3=a7fbbec items=0 ppid=22304 pid=22305 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=596 comm="TSDBLocalQueue." exe="/usr/bin/perl" subj=root:system_r:spacewalk_monitoring_t:s0 key=(null)
type=AVC msg=audit(1236279772.599:2924037): avc:  denied  { getattr } for  pid=22305 comm="TSDBLocalQueue." path="/var/log/nocpulse/TSDBLocalQueue/queue/1236278436.19491" dev=dm-0 ino=4059468 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
type=SYSCALL msg=audit(1236279772.599:2924037): arch=40000003 syscall=195 success=no exit=-13 a0=a237cb8 a1=9fb50c8 a2=c20ff4 a3=a237cb8 items=0 ppid=22304 pid=22305 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=596 comm="TSDBLocalQueue." exe="/usr/bin/perl" subj=root:system_r:spacewalk_monitoring_t:s0 key=(null)



recreate..
run monitoring automation, check audit.log

manual..
probes listed here..

Probe(s) assigned to system have an UNKNOWN status    Apache: Processes   
Cannot find Max Child and Slot MB metrics at URL
http://10.10.76.146%20%20%20%20:80/server-status   Suite
Probe(s) assigned to system have an UNKNOWN status  Linux: Load  The RHN
Monitoring Daemon (RHNMD) is not responding: Internal problem executing 

Unix::Load: open3: exec of /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s failed. Please make sure the daemon is
running and the host is accessible from the monitoring scout. Command was:
/usr/bin/ssh -l nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s Suite
Probe(s) assigned to system have an UNKNOWN status 

 Linux: Memory Usage  The RHN Monitoring Daemon (RHNMD) is not responding:
Internal problem executing Unix::MemoryFree: open3: exec of /usr/bin/ssh -l
nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s failed.
Please make sure the daemon is running and the host is accessible from the
monitoring scout. Command was: /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s  Suite
Probe(s) assigned to system have an UNKNOWN status 

 Linux: Virtual Memory  The RHN Monitoring Daemon (RHNMD) is not responding:
Internal problem executing Unix::VirtualMemory: open3: exec of /usr/bin/ssh -l
nocpulse -p 4545 -i /var/lib/nocpulse/.ssh/nocpulse-identity -o
StrictHostKeyChecking=no -o BatchMode=yes 10.10.76.146 /bin/sh -s failed.
Please make sure the daemon is running and the host is accessible from the
monitoring scout. Command was: /usr/bin/ssh -l nocpulse -p 4545 -i
/var/lib/nocpulse/.ssh/nocpulse-identity -o StrictHostKeyChecking=no -o
BatchMode=yes 10.10.76.146 /bin/sh -s  Suite
Probe(s) assigned to system have an UNKNOWN status 

 Network Services: Ping
Comment 1 Jan Pazdziora (Red Hat) 2009-04-09 14:30:21 UTC 
Addressed in Spacewalk master by commit 7e58c848a4e2cba276250b24d6f8639413359aee and subsequent commits.

Tagged as spacewalk-monitoring-selinux-0.6.2-1.
Comment 2 Jan Pazdziora (Red Hat) 2009-04-15 07:30:01 UTC 
Also available in spacewalk-monitoring-selinux-0.5.6-4. As spacewalk-monitoring-selinux-0.5.6-5.el5sat.noarch.rpm is now available on Satellite-5.3.0-RHEL5-re20090414.0, moving ON_QA.
Comment 3 wes hayutin 2009-04-23 18:54:05 UTC 
verified 4/20 build
Comment 4 Milan Zázrivec 2009-09-09 13:20:04 UTC 
This one needs to be retested after bug #487221 is fixed.
Comment 5 Brandon Perkins 2009-09-09 14:11:24 UTC 
Reopening and punting to sat600-triage for re-evaluation.