Project

General

Profile

Bug #16270

avc: denied { chown } for pid=31296 comm="radosgw" capability=0 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability

Added by Yuri Weinstein almost 3 years ago. Updated almost 3 years ago.

Status:
Duplicate
Priority:
Urgent
Assignee:
-
Target version:
-
Start date:
06/13/2016
Due date:
% Done:

0%

Source:
Q/A
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

Run: http://pulpito.ceph.com/teuthology-2016-06-12_02:50:02-ceph-deploy-jewel-distro-basic-mira/
Job: 254140
Logs: http://qa-proxy.ceph.com/teuthology/teuthology-2016-06-12_02:50:02-ceph-deploy-jewel-distro-basic-mira/254140/teuthology.log

2016-06-12T03:39:36.671 DEBUG:teuthology.task.selinux:ubuntu@mira061.front.sepia.ceph.com has 1 denials
2016-06-12T03:39:36.671 INFO:teuthology.orchestra.run.mira112:Running: 'sudo grep \'avc: .*denied\' /var/log/audit/audit.log | grep -v \'\\(comm="dmidecode"\\|chronyd.service\\|name="cephtest"\\|scontext=system_u:system_r:nrpe_t:s0\\|scontext=system_u:system_r:pcp_pmlogger_t\\|scontext=system_u:system_r:pcp_pmcd_t:s0\\)\''
2016-06-12T03:39:36.769 ERROR:teuthology.run_tasks:Manager failed: selinux
Traceback (most recent call last):
  File "/home/teuthworker/src/teuthology_master/teuthology/run_tasks.py", line 139, in run_tasks
    suppress = manager.__exit__(*exc_info)
  File "/home/teuthworker/src/teuthology_master/teuthology/task/__init__.py", line 134, in __exit__
    self.teardown()
  File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 144, in teardown
    self.get_new_denials()
  File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 192, in get_new_denials
    denials=new_denials[remote.name])
SELinuxError: SELinux denials found on ubuntu@mira061.front.sepia.ceph.com: ['type=AVC msg=audit(1465727407.811:4247): avc:  denied  { chown } for  pid=31296 comm="radosgw" capability=0  scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability']
2016-06-12T03:39:36.769 DEBUG:teuthology.run_tasks:Unwinding manager pcp

Related issues

Duplicates rgw - Bug #16126: selinux denials in RGW Resolved 06/02/2016

History

#1 Updated by Yuri Weinstein almost 3 years ago

  • Description updated (diff)

#2 Updated by Yuri Weinstein almost 3 years ago

  • Backport deleted (2016-06-12T03:39:36.671 DEBUG:teuthology.task.selinux:ubuntu@mira061.front.sepia.ceph.com has 1 denials 2016-06-12T03:39:36.671 INFO:teuthology.orchestra.run.mira112:Running: 'sudo grep \'avc: .*denied\' /var/log/audit/audit.log | grep -v \'\\(comm="dmidecode"\\|chronyd.service\\|name="cephtest"\\|scontext=system_u:system_r:nrpe_t:s0\\|scontext=system_u:system_r:pcp_pmlogger_t\\|scontext=system_u:system_r:pcp_pmcd_t:s0\\)\'' 2016-06-12T03:39:36.769 ERROR:teuthology.run_tasks:Manager failed: selinux Traceback (most recent call last): File "/home/teuthworker/src/teuthology_master/teuthology/run_tasks.py", line 139, in run_tasks suppress = manager.__exit__(*exc_info) File "/home/teuthworker/src/teuthology_master/teuthology/task/__init__.py", line 134, in __exit__ self.teardown() File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 144, in teardown self.get_new_denials() File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 192, in get_new_denials denials=new_denials[remote.name]) SELinuxError: SELinux denials found on ubuntu@mira061.front.sepia.ceph.com: ['type=AVC msg=audit(1465727407.811:4247): avc: denied { chown } for pid=31296 comm="radosgw" capability=0 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability'] 2016-06-12T03:39:36.769 DEBUG:teuthology.run_tasks:Unwinding manager pcp)

#3 Updated by Yuri Weinstein almost 3 years ago

  • Description updated (diff)

#4 Updated by Yuri Weinstein almost 3 years ago

  • Project changed from Ceph to sepia
  • Assignee set to David Galloway

#5 Updated by Zack Cerza almost 3 years ago

  • Project changed from sepia to rgw
  • Subject changed from "SELinux denials found on ubuntu@mira061.front.sepia.ceph.com" in ceph-deploy-jewel-distro-basic-mira to avc: denied { chown } for pid=31296 comm="radosgw" capability=0 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability
  • Assignee deleted (David Galloway)

This is rgw, not sepia

#6 Updated by Nathan Cutler almost 3 years ago

  • Related to Bug #16126: selinux denials in RGW added

#7 Updated by Nathan Cutler almost 3 years ago

I added relates to #16126, but maybe it should be "duplicates".

#8 Updated by Orit Wasserman almost 3 years ago

  • Status changed from New to Duplicate

duplicate #16126

#9 Updated by Nathan Cutler almost 3 years ago

  • Related to deleted (Bug #16126: selinux denials in RGW)

#10 Updated by Nathan Cutler almost 3 years ago

  • Duplicates Bug #16126: selinux denials in RGW added

Also available in: Atom PDF