Bug 766184 - selinux denials for postgres after aeolus run
Summary: selinux denials for postgres after aeolus run
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: ce-sprint ce-sprint-next
Reported: 2011-12-10 20:50 UTC by wes hayutin
Modified: 2012-01-04 16:29 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-01-04 16:29:20 UTC
Target Upstream Version:



Description wes hayutin 2011-12-10 20:50:05 UTC
Description of problem:

Not 100% sure if aeolus is causing this, but opening to be sure. None of these errors caused a fatal for aeolus.

[root@qeblade30 ~]#  ausearch -m avc
----
time->Sat Dec 10 14:33:07 2011
type=SYSCALL msg=audit(1323545587.300:159662): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=2 a2=0 a3=22 items=0 ppid=1 pid=7244 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545587.300:159662): avc:  denied  { module_request } for  pid=7244 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
----
time->Sat Dec 10 14:33:07 2011
type=SYSCALL msg=audit(1323545587.303:159663): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=1 a2=0 a3=7f777bf6c14c items=0 ppid=1 pid=7244 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545587.303:159663): avc:  denied  { module_request } for  pid=7244 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
----
time->Sat Dec 10 14:33:07 2011
type=SYSCALL msg=audit(1323545587.381:159664): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=2 a2=0 a3=4c items=0 ppid=1 pid=7244 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545587.381:159664): avc:  denied  { module_request } for  pid=7244 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
----
time->Sat Dec 10 14:33:10 2011
type=SYSCALL msg=audit(1323545590.753:159673): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=2 a2=0 a3=22 items=0 ppid=1 pid=7325 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545590.753:159673): avc:  denied  { module_request } for  pid=7325 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
----
time->Sat Dec 10 14:33:10 2011
type=SYSCALL msg=audit(1323545590.756:159674): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=1 a2=0 a3=7fc27ca6d14c items=0 ppid=1 pid=7325 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545590.756:159674): avc:  denied  { module_request } for  pid=7325 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
----
time->Sat Dec 10 14:33:10 2011
type=SYSCALL msg=audit(1323545590.851:159675): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=2 a2=0 a3=4c items=0 ppid=1 pid=7325 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545590.851:159675): avc:  denied  { module_request } for  pid=7325 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system

Comment 1 Francesco Vollero 2011-12-15 16:13:57 UTC
After a quick call with mgrepl, we discovered that this problem is not related to us (CloudForms) but is a kernel problem related to IPv6, so we agreed to move it to selinux-components.

Comment 2 wes hayutin 2012-01-03 17:43:02 UTC
adding ce-sprint-next bugs to ce-sprint

Comment 3 Francesco Vollero 2012-01-03 18:33:07 UTC
Could someone with rights move it from cloudform to selinux-components please?

Comment 5 Daniel Walsh 2012-01-04 16:29:20 UTC
You have disabled IPV6 improperly.

http://danwalsh.livejournal.com/47118.html
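
Decoding the records above, as an added example that is not part of the original bug report: each AVC is paired with its SYSCALL record by audit event ID, which shows that every denial comes from postmaster calling socket(AF_INET6, ...) and that kmod="net-pf-10" is the kernel's module alias for protocol family 10. The function names and the small lookup tables are assumptions of this sketch and cover only the values that occur in this log.

```python
import re
from collections import defaultdict

# Two events copied from the ausearch output in this report.
SAMPLE = """\
type=SYSCALL msg=audit(1323545587.300:159662): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=2 a2=0 a3=22 items=0 ppid=1 pid=7244 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545587.300:159662): avc:  denied  { module_request } for  pid=7244 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=SYSCALL msg=audit(1323545587.303:159663): arch=c000003e syscall=41 success=no exit=-97 a0=a a1=1 a2=0 a3=7f777bf6c14c items=0 ppid=1 pid=7244 auid=0 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=1 comm="postmaster" exe="/usr/bin/postgres" subj=unconfined_u:system_r:postgresql_t:s0 key=(null)
type=AVC msg=audit(1323545587.303:159663): avc:  denied  { module_request } for  pid=7244 comm="postmaster" kmod="net-pf-10" scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
"""

# Lookup tables limited to the values seen in this log (Linux x86_64).
SYS_SOCKET = 41
FAMILIES = {10: "AF_INET6"}
SOCK_TYPES = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
ERRNOS = {97: "EAFNOSUPPORT"}
EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{ ([^}]*) \}")

def parse_events(text):
    """Group audit records by event ID (timestamp:serial), keyed by record type."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue  # skips the "----" and "time->" lines ausearch prints
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        fields["perms"] = " ".join(PERMS.findall(line)).split()
        events[m.group(1)][fields["type"]] = fields
    return events

def explain(text):
    """Decode each denial that has a matching socket() SYSCALL record."""
    findings = []
    for eid, recs in sorted(parse_events(text).items()):
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc or not sc or int(sc["syscall"]) != SYS_SOCKET:
            continue
        family, stype = int(sc["a0"], 16), int(sc["a1"], 16)  # args are hex
        findings.append({
            "event": eid, "comm": avc["comm"], "perms": avc["perms"],
            "call": f"socket({FAMILIES.get(family, family)}, {SOCK_TYPES.get(stype, stype)})",
            "errno": ERRNOS.get(-int(sc["exit"]), sc["exit"]),
            "kmod_is_family": avc.get("kmod") == f"net-pf-{family}",
        })
    return findings

if __name__ == "__main__":
    print(*explain(SAMPLE), sep="\n")
```
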

