Bug 812786 - avc problem with /distribution/install on s390x
Summary: avc problem with /distribution/install on s390x
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Beaker
Classification: Retired
Component: beah
Version: 0.9
Hardware: s390x
OS: Unspecified
high
high vote
Target Milestone: ---
Assignee: Bill Peck
QA Contact:
URL:
Whiteboard:
: 813342 (view as bug list)
Depends On:
Blocks: 805204
TreeView+ depends on / blocked
 
Reported: 2012-04-16 08:42 UTC by David Spurek
Modified: 2015-05-04 01:46 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-04 14:45:34 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 744129 1 None None None 2021-01-20 06:05:38 UTC

Internal Links: 744129

Description David Spurek 2012-04-16 08:42:59 UTC 
Description of problem:
I always get avc problem in /distribution/install phase on s390x. 

type=SYSCALL msg=audit(1334561765.866:17): arch=80000016 syscall=11 per=400000 success=yes exit=11 a0=803ce830 a1=803ceff0 a2=803ccd40 a3=3fffd229910 items=0 ppid=4773 pid=4774 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="semodule" exe="/usr/sbin/semodule" subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1334561765.866:17): avc:  denied  { append } for  pid=4774 comm="semodule" path="/mnt/testarea/TESTOUT.log" dev=dm-0 ino=392476 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file
type=AVC msg=audit(1334561765.866:17): avc:  denied  { append } for  pid=4774 comm="semodule" path="/mnt/testarea/selinux.log" dev=dm-0 ino=392489 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file
Fail: AVC messages found.
Checking for errors...

More info in fail run https://beaker.engineering.redhat.com/recipes/464497

Version-Release number of selected component (if applicable):


How reproducible:
always with tcms run 35913

Steps to Reproduce:
1.bkr workflow-tcms --arch s390 --errata 2012:12650 --run 35913
  
Actual results:
avc problem in /distribution/install phase

Expected results:
no avc problem
Comment 1 Bill Peck 2012-04-17 12:49:28 UTC 
The problem is that we are running out of memory when trying to insert the test policy in selinux.  I'm not sure what we can do other than require a system with more memory.  The s390's are hit because they only have 512 meg of memory.  (some s390 systems have 1gig)
Comment 6 Ales Zelinka 2012-04-19 14:58:37 UTC 
*** Bug 813342 has been marked as a duplicate of this bug. ***
Comment 8 Bill Peck 2012-05-10 12:39:51 UTC 
There was a change to autopart in 6.3 version of anaconda which creates a swap partition the same size as memory.  Before 6.3 it would create it twice the size of memory, this change is enough to cause out of memory issues with 6.3.

see bz744129
Comment 11 Ales Zelinka 2012-05-30 15:20:46 UTC 
I haven't seen this in a while. David, is it still an issue? (and I've schedulled the job you mention in c#0 and there's no AVC in /distribution/install)
Comment 13 David Spurek 2012-06-04 09:29:12 UTC 
Ales, I try schedulle job too, but I haven't seen this now.
Note You need to log in before you can comment on or make changes to this bug.