Bug 991024 - SELinux is preventing /bin/df from read access on the directory var.
Summary: SELinux is preventing /bin/df from read access on the directory var.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.4
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: Michal Trunecka
URL:
Whiteboard:
Depends On:
Blocks: 1005184
TreeView+ depends on / blocked
 
Reported: 2013-08-01 12:24 UTC by Gowrishankar Rajaiyan
Modified: 2014-09-30 23:35 UTC (History)
8 users (show)

Fixed In Version: selinux-policy-3.7.19-210.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1005184 (view as bug list)
Environment:
Last Closed: 2013-11-21 10:48:09 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1598 0 normal SHIPPED_LIVE selinux-policy bug fix and enhancement update 2013-11-20 21:39:24 UTC

Description Gowrishankar Rajaiyan 2013-08-01 12:24:55 UTC 
Description of problem: As per RHS-RHOS integration, /etc/cinder/cinder.conf consists of the following parameter:
<snip>
glusterfs_disk_util = df
glusterfs_mount_point_base = /var/lib/cinder/volumes
</snip>

It is required for "df" to access var.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.7.19-195.el6_4.12.noarch
libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
selinux-policy-3.7.19-195.el6_4.12.noarch
libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64
libselinux-python-2.0.94-5.3.el6_4.1.x86_64
openstack-selinux-0.1.2-10.el6ost.noarch
libselinux-2.0.94-5.3.el6_4.1.x86_64


SELinux is preventing /bin/df from read access on the directory var.

*****  Plugin catchall_labels (83.8 confidence) suggests  ********************

If you want to allow df to have read access on the var directory
Then you need to change the label on var
Do
# semanage fcontext -a -t FILE_TYPE 'var'
where FILE_TYPE is one of the following: bin_t, device_t, devpts_t, locale_t, etc_t, nrpe_t, proc_t, sysfs_t, sysctl_crypto_t, sssd_public_t, udev_tbl_t, abrt_t, lib_t, root_t, device_t, usr_t, etc_t, var_lib_t, var_run_t, configfile, domain, cert_type, nrpe_var_run_t, net_conf_t, sysctl_kernel_t, var_run_t, configfile, sysctl_kernel_t, nscd_var_run_t, root_t, device_t, devpts_t. 
Then execute: 
restorecon -v 'var'


*****  Plugin catchall (17.1 confidence) suggests  ***************************

If you believe that df should be allowed read access on the var directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep df /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Comment 2 Milos Malik 2013-08-01 12:38:03 UTC 
Could you copy&paste the AVC here too?
# ausearch -m avc -i
Comment 3 Gowrishankar Rajaiyan 2013-08-02 04:29:42 UTC 
[root@dhcp201-146 cinder(keystone_admin)]# ausearch -m avc -i
----
type=SYSCALL msg=audit(08/02/2013 03:15:42.088:562777) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff6299ff63 a1=100 a2=0 a3=7fff6299f0b0 items=0 ppid=31011 pid=31012 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 03:15:42.088:562777) : avc:  denied  { read } for  pid=31012 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 03:25:42.143:565478) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff8a50bf63 a1=100 a2=0 a3=7fff8a509fd0 items=0 ppid=814 pid=815 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 03:25:42.143:565478) : avc:  denied  { read } for  pid=815 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 03:55:42.064:573579) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff1d5cbf63 a1=100 a2=0 a3=7fff1d5cb400 items=0 ppid=7701 pid=7702 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 03:55:42.064:573579) : avc:  denied  { read } for  pid=7702 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:05:42.123:576271) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff4c854f63 a1=100 a2=0 a3=7fff4c852ae0 items=0 ppid=10069 pid=10070 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:05:42.123:576271) : avc:  denied  { read } for  pid=10070 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:15:42.176:578972) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff6d41ef63 a1=100 a2=0 a3=7fff6d41cc70 items=0 ppid=12355 pid=12356 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:15:42.176:578972) : avc:  denied  { read } for  pid=12356 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:25:42.229:581673) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff6e49ef63 a1=100 a2=0 a3=7fff6e49e1e0 items=0 ppid=14633 pid=14634 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:25:42.229:581673) : avc:  denied  { read } for  pid=14634 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:35:42.036:584369) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff2f380f63 a1=100 a2=0 a3=7fff2f37fd90 items=0 ppid=16948 pid=16949 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:35:42.036:584369) : avc:  denied  { read } for  pid=16949 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:45:42.092:587070) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff018d7f63 a1=100 a2=0 a3=7fff018d7300 items=0 ppid=19215 pid=19216 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:45:42.092:587070) : avc:  denied  { read } for  pid=19216 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:55:42.146:589771) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff52aa3f63 a1=100 a2=0 a3=7fff52aa32e0 items=0 ppid=21476 pid=21477 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:55:42.146:589771) : avc:  denied  { read } for  pid=21477 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 05:05:42.203:592478) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffeeb45f63 a1=100 a2=0 a3=7fffeeb45430 items=0 ppid=23749 pid=23750 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 05:05:42.203:592478) : avc:  denied  { read } for  pid=23750 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 05:15:42.009:595179) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffdde4df63 a1=100 a2=0 a3=7fffdde4ca40 items=0 ppid=26010 pid=26011 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 05:15:42.009:595179) : avc:  denied  { read } for  pid=26011 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 05:35:42.121:600565) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff65b35f63 a1=100 a2=0 a3=7fff65b33f60 items=0 ppid=30512 pid=30513 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 05:35:42.121:600565) : avc:  denied  { read } for  pid=30513 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 05:45:42.180:603266) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffd54b4f63 a1=100 a2=0 a3=7fffd54b40f0 items=0 ppid=306 pid=307 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 05:45:42.180:603266) : avc:  denied  { read } for  pid=307 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 05:55:42.234:605967) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff4a4d5f63 a1=100 a2=0 a3=7fff4a4d3b10 items=0 ppid=2638 pid=2639 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 05:55:42.234:605967) : avc:  denied  { read } for  pid=2639 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:05:42.047:608674) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff5354ef63 a1=100 a2=0 a3=7fff5354e3e0 items=0 ppid=4933 pid=4934 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:05:42.047:608674) : avc:  denied  { read } for  pid=4934 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:15:42.103:611375) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff00e5bf63 a1=100 a2=0 a3=7fff00e59950 items=0 ppid=7216 pid=7217 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:15:42.103:611375) : avc:  denied  { read } for  pid=7217 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:25:42.161:614069) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff33a3ff63 a1=100 a2=0 a3=7fff33a3e7b0 items=0 ppid=9504 pid=9506 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:25:42.161:614069) : avc:  denied  { read } for  pid=9506 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:35:42.215:616767) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff96acaf63 a1=100 a2=0 a3=7fff96ac8f80 items=0 ppid=11870 pid=11871 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:35:42.215:616767) : avc:  denied  { read } for  pid=11871 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:45:42.023:619453) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff33098f63 a1=100 a2=0 a3=7fff33096a50 items=0 ppid=14122 pid=14123 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:45:42.023:619453) : avc:  denied  { read } for  pid=14123 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:55:42.079:622154) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffdc3d1f63 a1=100 a2=0 a3=7fffdc3d14f0 items=0 ppid=16418 pid=16419 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:55:42.079:622154) : avc:  denied  { read } for  pid=16419 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:05:42.133:624861) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff60fb4f63 a1=100 a2=0 a3=7fff60fb2fe0 items=0 ppid=18725 pid=18726 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:05:42.133:624861) : avc:  denied  { read } for  pid=18726 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:15:42.189:627562) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffb822ff63 a1=100 a2=0 a3=7fffb822efa0 items=0 ppid=20987 pid=20988 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:15:42.189:627562) : avc:  denied  { read } for  pid=20988 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:25:42.246:630248) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffc35f3f63 a1=100 a2=0 a3=7fffc35f2820 items=0 ppid=23223 pid=23224 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:25:42.246:630248) : avc:  denied  { read } for  pid=23224 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:35:42.054:632949) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffa9b4af63 a1=100 a2=0 a3=7fffa9b49080 items=0 ppid=25485 pid=25486 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:35:42.054:632949) : avc:  denied  { read } for  pid=25486 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:45:42.114:635650) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff2109cf63 a1=100 a2=0 a3=7fff2109b610 items=0 ppid=27747 pid=27748 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:45:42.114:635650) : avc:  denied  { read } for  pid=27748 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:55:42.168:638351) : arch=x86_64 syscall=open success=yes exit=3 a0=7ffff4266f63 a1=100 a2=0 a3=7ffff4266790 items=0 ppid=30011 pid=30012 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:55:42.168:638351) : avc:  denied  { read } for  pid=30012 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:05:42.223:641058) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff884def63 a1=100 a2=0 a3=7fff884ddd20 items=0 ppid=32284 pid=32285 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:05:42.223:641058) : avc:  denied  { read } for  pid=32285 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:15:42.030:643754) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffc5ac6f63 a1=100 a2=0 a3=7fffc5ac6050 items=0 ppid=2144 pid=2145 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:15:42.030:643754) : avc:  denied  { read } for  pid=2145 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:25:42.086:646455) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffb5b2df63 a1=100 a2=0 a3=7fffb5b2d3f0 items=0 ppid=4427 pid=4428 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:25:42.086:646455) : avc:  denied  { read } for  pid=4428 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:35:42.144:649156) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff41e11f63 a1=100 a2=0 a3=7fff41e0fc50 items=0 ppid=6710 pid=6711 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:35:42.144:649156) : avc:  denied  { read } for  pid=6711 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:45:42.205:651857) : arch=x86_64 syscall=open success=yes exit=3 a0=7ffffa53ef63 a1=100 a2=0 a3=7ffffa53cf90 items=0 ppid=8990 pid=8991 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:45:42.205:651857) : avc:  denied  { read } for  pid=8991 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:55:42.016:654543) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff25c06f63 a1=100 a2=0 a3=7fff25c065d0 items=0 ppid=11345 pid=11346 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:55:42.016:654543) : avc:  denied  { read } for  pid=11346 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:05:42.072:657250) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff14e68f63 a1=100 a2=0 a3=7fff14e68190 items=0 ppid=13640 pid=13641 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:05:42.072:657250) : avc:  denied  { read } for  pid=13641 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:15:42.129:659951) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff06d4df63 a1=100 a2=0 a3=7fff06d4ba90 items=0 ppid=15947 pid=15948 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:15:42.129:659951) : avc:  denied  { read } for  pid=15948 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:25:42.184:662652) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff2c75bf63 a1=100 a2=0 a3=7fff2c75b200 items=0 ppid=18241 pid=18242 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:25:42.184:662652) : avc:  denied  { read } for  pid=18242 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:35:42.241:665353) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffa9c1ff63 a1=100 a2=0 a3=7fffa9c1e180 items=0 ppid=20505 pid=20506 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:35:42.241:665353) : avc:  denied  { read } for  pid=20506 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:45:42.045:668054) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffe16a5f63 a1=100 a2=0 a3=7fffe16a4700 items=0 ppid=22766 pid=22767 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:45:42.045:668054) : avc:  denied  { read } for  pid=22767 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:55:42.106:670755) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff5ef7cf63 a1=100 a2=0 a3=7fff5ef7bfa0 items=0 ppid=25028 pid=25029 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:55:42.106:670755) : avc:  denied  { read } for  pid=25029 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
[root@dhcp201-146 cinder(keystone_admin)]#
Comment 4 Daniel Walsh 2013-08-02 14:47:56 UTC 
Looks like nrpe is attempting to list the contents of /var?
Comment 7 errata-xmlrpc 2013-11-21 10:48:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1598.html
Note You need to log in before you can comment on or make changes to this bug.