RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 991024 - SELinux is preventing /bin/df from read access on the directory var.
Summary: SELinux is preventing /bin/df from read access on the directory var.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.4
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: Michal Trunecka
URL:
Whiteboard:
Depends On:
Blocks: 1005184
TreeView+ depends on / blocked
 
Reported: 2013-08-01 12:24 UTC by Gowrishankar Rajaiyan
Modified: 2014-09-30 23:35 UTC (History)
8 users (show)

Fixed In Version: selinux-policy-3.7.19-210.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1005184 (view as bug list)
Environment:
Last Closed: 2013-11-21 10:48:09 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1598 0 normal SHIPPED_LIVE selinux-policy bug fix and enhancement update 2013-11-20 21:39:24 UTC

Description Gowrishankar Rajaiyan 2013-08-01 12:24:55 UTC 
Description of problem: As per RHS-RHOS integration, /etc/cinder/cinder.conf consists of the following parameter:
<snip>
glusterfs_disk_util = df
glusterfs_mount_point_base = /var/lib/cinder/volumes
</snip>

It is required for "df" to access var.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.7.19-195.el6_4.12.noarch
libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
selinux-policy-3.7.19-195.el6_4.12.noarch
libselinux-ruby-2.0.94-5.3.el6_4.1.x86_64
libselinux-python-2.0.94-5.3.el6_4.1.x86_64
openstack-selinux-0.1.2-10.el6ost.noarch
libselinux-2.0.94-5.3.el6_4.1.x86_64


SELinux is preventing /bin/df from read access on the directory var.

*****  Plugin catchall_labels (83.8 confidence) suggests  ********************

If you want to allow df to have read access on the var directory
Then you need to change the label on var
Do
# semanage fcontext -a -t FILE_TYPE 'var'
where FILE_TYPE is one of the following: bin_t, device_t, devpts_t, locale_t, etc_t, nrpe_t, proc_t, sysfs_t, sysctl_crypto_t, sssd_public_t, udev_tbl_t, abrt_t, lib_t, root_t, device_t, usr_t, etc_t, var_lib_t, var_run_t, configfile, domain, cert_type, nrpe_var_run_t, net_conf_t, sysctl_kernel_t, var_run_t, configfile, sysctl_kernel_t, nscd_var_run_t, root_t, device_t, devpts_t. 
Then execute: 
restorecon -v 'var'


*****  Plugin catchall (17.1 confidence) suggests  ***************************

If you believe that df should be allowed read access on the var directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep df /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Comment 2 Milos Malik 2013-08-01 12:38:03 UTC 
Could you copy&paste the AVC here too?
# ausearch -m avc -i
Comment 3 Gowrishankar Rajaiyan 2013-08-02 04:29:42 UTC 
[root@dhcp201-146 cinder(keystone_admin)]# ausearch -m avc -i
----
type=SYSCALL msg=audit(08/02/2013 03:15:42.088:562777) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff6299ff63 a1=100 a2=0 a3=7fff6299f0b0 items=0 ppid=31011 pid=31012 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 03:15:42.088:562777) : avc:  denied  { read } for  pid=31012 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 03:25:42.143:565478) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff8a50bf63 a1=100 a2=0 a3=7fff8a509fd0 items=0 ppid=814 pid=815 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 03:25:42.143:565478) : avc:  denied  { read } for  pid=815 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 03:55:42.064:573579) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff1d5cbf63 a1=100 a2=0 a3=7fff1d5cb400 items=0 ppid=7701 pid=7702 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 03:55:42.064:573579) : avc:  denied  { read } for  pid=7702 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:05:42.123:576271) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff4c854f63 a1=100 a2=0 a3=7fff4c852ae0 items=0 ppid=10069 pid=10070 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:05:42.123:576271) : avc:  denied  { read } for  pid=10070 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:15:42.176:578972) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff6d41ef63 a1=100 a2=0 a3=7fff6d41cc70 items=0 ppid=12355 pid=12356 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:15:42.176:578972) : avc:  denied  { read } for  pid=12356 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:25:42.229:581673) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff6e49ef63 a1=100 a2=0 a3=7fff6e49e1e0 items=0 ppid=14633 pid=14634 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:25:42.229:581673) : avc:  denied  { read } for  pid=14634 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:35:42.036:584369) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff2f380f63 a1=100 a2=0 a3=7fff2f37fd90 items=0 ppid=16948 pid=16949 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:35:42.036:584369) : avc:  denied  { read } for  pid=16949 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:45:42.092:587070) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff018d7f63 a1=100 a2=0 a3=7fff018d7300 items=0 ppid=19215 pid=19216 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:45:42.092:587070) : avc:  denied  { read } for  pid=19216 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 04:55:42.146:589771) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff52aa3f63 a1=100 a2=0 a3=7fff52aa32e0 items=0 ppid=21476 pid=21477 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 04:55:42.146:589771) : avc:  denied  { read } for  pid=21477 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 05:05:42.203:592478) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffeeb45f63 a1=100 a2=0 a3=7fffeeb45430 items=0 ppid=23749 pid=23750 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 05:05:42.203:592478) : avc:  denied  { read } for  pid=23750 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 05:15:42.009:595179) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffdde4df63 a1=100 a2=0 a3=7fffdde4ca40 items=0 ppid=26010 pid=26011 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 05:15:42.009:595179) : avc:  denied  { read } for  pid=26011 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 05:35:42.121:600565) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff65b35f63 a1=100 a2=0 a3=7fff65b33f60 items=0 ppid=30512 pid=30513 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 05:35:42.121:600565) : avc:  denied  { read } for  pid=30513 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 05:45:42.180:603266) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffd54b4f63 a1=100 a2=0 a3=7fffd54b40f0 items=0 ppid=306 pid=307 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 05:45:42.180:603266) : avc:  denied  { read } for  pid=307 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 05:55:42.234:605967) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff4a4d5f63 a1=100 a2=0 a3=7fff4a4d3b10 items=0 ppid=2638 pid=2639 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 05:55:42.234:605967) : avc:  denied  { read } for  pid=2639 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:05:42.047:608674) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff5354ef63 a1=100 a2=0 a3=7fff5354e3e0 items=0 ppid=4933 pid=4934 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:05:42.047:608674) : avc:  denied  { read } for  pid=4934 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:15:42.103:611375) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff00e5bf63 a1=100 a2=0 a3=7fff00e59950 items=0 ppid=7216 pid=7217 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:15:42.103:611375) : avc:  denied  { read } for  pid=7217 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:25:42.161:614069) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff33a3ff63 a1=100 a2=0 a3=7fff33a3e7b0 items=0 ppid=9504 pid=9506 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:25:42.161:614069) : avc:  denied  { read } for  pid=9506 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:35:42.215:616767) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff96acaf63 a1=100 a2=0 a3=7fff96ac8f80 items=0 ppid=11870 pid=11871 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:35:42.215:616767) : avc:  denied  { read } for  pid=11871 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:45:42.023:619453) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff33098f63 a1=100 a2=0 a3=7fff33096a50 items=0 ppid=14122 pid=14123 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:45:42.023:619453) : avc:  denied  { read } for  pid=14123 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 06:55:42.079:622154) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffdc3d1f63 a1=100 a2=0 a3=7fffdc3d14f0 items=0 ppid=16418 pid=16419 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 06:55:42.079:622154) : avc:  denied  { read } for  pid=16419 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:05:42.133:624861) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff60fb4f63 a1=100 a2=0 a3=7fff60fb2fe0 items=0 ppid=18725 pid=18726 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:05:42.133:624861) : avc:  denied  { read } for  pid=18726 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:15:42.189:627562) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffb822ff63 a1=100 a2=0 a3=7fffb822efa0 items=0 ppid=20987 pid=20988 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:15:42.189:627562) : avc:  denied  { read } for  pid=20988 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:25:42.246:630248) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffc35f3f63 a1=100 a2=0 a3=7fffc35f2820 items=0 ppid=23223 pid=23224 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:25:42.246:630248) : avc:  denied  { read } for  pid=23224 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:35:42.054:632949) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffa9b4af63 a1=100 a2=0 a3=7fffa9b49080 items=0 ppid=25485 pid=25486 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:35:42.054:632949) : avc:  denied  { read } for  pid=25486 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:45:42.114:635650) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff2109cf63 a1=100 a2=0 a3=7fff2109b610 items=0 ppid=27747 pid=27748 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:45:42.114:635650) : avc:  denied  { read } for  pid=27748 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 07:55:42.168:638351) : arch=x86_64 syscall=open success=yes exit=3 a0=7ffff4266f63 a1=100 a2=0 a3=7ffff4266790 items=0 ppid=30011 pid=30012 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 07:55:42.168:638351) : avc:  denied  { read } for  pid=30012 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:05:42.223:641058) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff884def63 a1=100 a2=0 a3=7fff884ddd20 items=0 ppid=32284 pid=32285 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:05:42.223:641058) : avc:  denied  { read } for  pid=32285 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:15:42.030:643754) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffc5ac6f63 a1=100 a2=0 a3=7fffc5ac6050 items=0 ppid=2144 pid=2145 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:15:42.030:643754) : avc:  denied  { read } for  pid=2145 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:25:42.086:646455) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffb5b2df63 a1=100 a2=0 a3=7fffb5b2d3f0 items=0 ppid=4427 pid=4428 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:25:42.086:646455) : avc:  denied  { read } for  pid=4428 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:35:42.144:649156) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff41e11f63 a1=100 a2=0 a3=7fff41e0fc50 items=0 ppid=6710 pid=6711 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:35:42.144:649156) : avc:  denied  { read } for  pid=6711 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:45:42.205:651857) : arch=x86_64 syscall=open success=yes exit=3 a0=7ffffa53ef63 a1=100 a2=0 a3=7ffffa53cf90 items=0 ppid=8990 pid=8991 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:45:42.205:651857) : avc:  denied  { read } for  pid=8991 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 08:55:42.016:654543) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff25c06f63 a1=100 a2=0 a3=7fff25c065d0 items=0 ppid=11345 pid=11346 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 08:55:42.016:654543) : avc:  denied  { read } for  pid=11346 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:05:42.072:657250) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff14e68f63 a1=100 a2=0 a3=7fff14e68190 items=0 ppid=13640 pid=13641 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:05:42.072:657250) : avc:  denied  { read } for  pid=13641 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:15:42.129:659951) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff06d4df63 a1=100 a2=0 a3=7fff06d4ba90 items=0 ppid=15947 pid=15948 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:15:42.129:659951) : avc:  denied  { read } for  pid=15948 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:25:42.184:662652) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff2c75bf63 a1=100 a2=0 a3=7fff2c75b200 items=0 ppid=18241 pid=18242 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:25:42.184:662652) : avc:  denied  { read } for  pid=18242 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:35:42.241:665353) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffa9c1ff63 a1=100 a2=0 a3=7fffa9c1e180 items=0 ppid=20505 pid=20506 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:35:42.241:665353) : avc:  denied  { read } for  pid=20506 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:45:42.045:668054) : arch=x86_64 syscall=open success=yes exit=3 a0=7fffe16a5f63 a1=100 a2=0 a3=7fffe16a4700 items=0 ppid=22766 pid=22767 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:45:42.045:668054) : avc:  denied  { read } for  pid=22767 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
----
type=SYSCALL msg=audit(08/02/2013 09:55:42.106:670755) : arch=x86_64 syscall=open success=yes exit=3 a0=7fff5ef7cf63 a1=100 a2=0 a3=7fff5ef7bfa0 items=0 ppid=25028 pid=25029 auid=root uid=nrpe gid=nrpe euid=nrpe suid=nrpe fsuid=nrpe egid=nrpe sgid=nrpe fsgid=nrpe tty=(none) ses=453 comm=df exe=/bin/df subj=unconfined_u:system_r:nrpe_t:s0 key=(null) 
type=AVC msg=audit(08/02/2013 09:55:42.106:670755) : avc:  denied  { read } for  pid=25029 comm=df name=var dev=dm-0 ino=3014657 scontext=unconfined_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir 
[root@dhcp201-146 cinder(keystone_admin)]#
Comment 4 Daniel Walsh 2013-08-02 14:47:56 UTC 
Looks like nrpe is attempting to list the contents of /var?
Comment 7 errata-xmlrpc 2013-11-21 10:48:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1598.html
Note You need to log in before you can comment on or make changes to this bug.