Actions
Bug #16126
closedselinux denials in RGW
% Done:
0%
Source:
other
Tags:
Backport:
jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
From a test branch running fs suite based on yesterday's master.
2016-06-02T02:40:55.252 ERROR:teuthology.run_tasks:Manager failed: selinux
Traceback (most recent call last):
File "/home/teuthworker/src/teuthology_master/teuthology/run_tasks.py", line 139, in run_tasks
suppress = manager.__exit__(*exc_info)
File "/home/teuthworker/src/teuthology_master/teuthology/task/__init__.py", line 134, in __exit__
self.teardown()
File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 144, in teardown
self.get_new_denials()
File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 192, in get_new_denials
denials=new_denials[remote.name])
SELinuxError: SELinux denials found on ubuntu@mira061.front.sepia.ceph.com: ['type=AVC msg=audit(1464859531.364:3604): avc: denied { chown } for pid=19750 comm="radosgw" capability=0 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability', 'type=AVC msg=audit(1464859531.413:3605): avc: denied { setattr } for pid=19750 comm="radosgw" name="ceph-client.rgw.mira061.asok" dev="tmpfs" ino=75922 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:ceph_var_run_t:s0 tclass=sock_file', 'type=AVC msg=audit(1464859532.172:3627): avc: denied { setattr } for pid=19810 comm="radosgw" name="ceph-client.rgw.mira061.asok" dev="tmpfs" ino=75247 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:ceph_var_run_t:s0 tclass=sock_file']
Updated by Ilya Dryomov almost 8 years ago
Three more from the kcephfs suite:
http://pulpito.ceph.com/dis-2016-06-02_03:02:07-kcephfs-master-master-fsx-basic-mira/230411/
http://pulpito.ceph.com/dis-2016-06-02_03:02:07-kcephfs-master-master-fsx-basic-mira/230445/
http://pulpito.ceph.com/dis-2016-06-02_03:02:07-kcephfs-master-master-fsx-basic-mira/230449/
All on mira061 - a CentOS problem?
Updated by Greg Farnum almost 8 years ago
- Assignee set to Boris Ranto
- Priority changed from Normal to High
I think Boris has dealt with all of these in the past, right?
Updated by Boris Ranto almost 8 years ago
I think we should just add these two:
Updated by Kefu Chai almost 8 years ago
- Status changed from New to Fix Under Review
Updated by Nathan Cutler almost 8 years ago
- Related to Bug #16270: avc: denied { chown } for pid=31296 comm="radosgw" capability=0 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability added
Updated by John Spray almost 8 years ago
- Status changed from Fix Under Review to Pending Backport
- Backport set to jewel
Updated by Nathan Cutler almost 8 years ago
- Related to deleted (Bug #16270: avc: denied { chown } for pid=31296 comm="radosgw" capability=0 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability)
Updated by Nathan Cutler almost 8 years ago
- Has duplicate Bug #16270: avc: denied { chown } for pid=31296 comm="radosgw" capability=0 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability added
Updated by Nathan Cutler almost 8 years ago
- Copied to Backport #16312: jewel: selinux denials in RGW added
Updated by Loïc Dachary over 7 years ago
- Status changed from Pending Backport to Resolved
Actions