Actions
Bug #17074
closed"SELinux denials" in knfs-master-testing-basic-smithi
% Done:
0%
Source:
Q/A
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
knfs
Component(FS):
Labels (FS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
This is point release tests hammer 0.94.8
Run: http://pulpito.front.sepia.ceph.com/yuriw-2016-08-17_20:57:47-knfs-master-testing-basic-smithi/
Jobs: 371357,371358,371361,371362,371362
Logs: http://qa-proxy.ceph.com/teuthology/yuriw-2016-08-17_20:57:47-knfs-master-testing-basic-smithi/371357/teuthology.log
2016-08-18T00:31:34.414 INFO:teuthology.orchestra.run.smithi024.stdout:type=AVC msg=audit(1471480016.596:3631): avc: denied { write } for pid=27308 comm="rpc.mountd" name="nfsd.export" dev="proc" ino=4026532417 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir permissive=1
2016-08-18T00:31:34.414 INFO:teuthology.orchestra.run.smithi024.stdout:type=AVC msg=audit(1471480016.596:3631): avc: denied { add_name } for pid=27308 comm="rpc.mountd" name="channel" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir permissive=1
2016-08-18T00:31:34.414 INFO:teuthology.orchestra.run.smithi024.stdout:type=AVC msg=audit(1471480016.596:3631): avc: denied { create } for pid=27308 comm="rpc.mountd" name="channel" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=file permissive=1
2016-08-18T00:31:34.414 INFO:teuthology.orchestra.run.smithi024.stdout:type=AVC msg=audit(1471480016.596:3631): avc: denied { associate } for pid=27308 comm="rpc.mountd" name="channel" scontext=system_u:object_r:sysctl_rpc_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=1
2016-08-18T00:31:34.415 DEBUG:teuthology.task.selinux:ubuntu@smithi024.front.sepia.ceph.com has 4 denials
2016-08-18T00:31:34.415 INFO:teuthology.orchestra.run.smithi009:Running: 'sudo grep \'avc: .*denied\' /var/log/audit/audit.log | grep -v \'\\(comm="dmidecode"\\|chronyd.service\\|name="cephtest"\\|scontext=system_u:system_r:nrpe_t:s0\\|scontext=system_u:system_r:pcp_pmlogger_t\\|scontext=system_u:system_r:pcp_pmcd_t:s0\\)\''
2016-08-18T00:31:34.582 INFO:teuthology.orchestra.run.smithi021:Running: 'sudo grep \'avc: .*denied\' /var/log/audit/audit.log | grep -v \'\\(comm="dmidecode"\\|chronyd.service\\|name="cephtest"\\|scontext=system_u:system_r:nrpe_t:s0\\|scontext=system_u:system_r:pcp_pmlogger_t\\|scontext=system_u:system_r:pcp_pmcd_t:s0\\)\''
2016-08-18T00:31:34.758 INFO:teuthology.orchestra.run.smithi015:Running: 'sudo grep \'avc: .*denied\' /var/log/audit/audit.log | grep -v \'\\(comm="dmidecode"\\|chronyd.service\\|name="cephtest"\\|scontext=system_u:system_r:nrpe_t:s0\\|scontext=system_u:system_r:pcp_pmlogger_t\\|scontext=system_u:system_r:pcp_pmcd_t:s0\\)\''
2016-08-18T00:31:34.923 ERROR:teuthology.run_tasks:Manager failed: selinux
Traceback (most recent call last):
File "/home/teuthworker/src/teuthology_master/teuthology/run_tasks.py", line 139, in run_tasks
suppress = manager.__exit__(*exc_info)
File "/home/teuthworker/src/teuthology_master/teuthology/task/__init__.py", line 134, in __exit__
self.teardown()
File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 144, in teardown
self.get_new_denials()
File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 192, in get_new_denials
denials=new_denials[remote.name])
SELinuxError: SELinux denials found on ubuntu@smithi024.front.sepia.ceph.com: ['type=AVC msg=audit(1471480016.596:3631): avc: denied { create } for pid=27308 comm="rpc.mountd" name="channel" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1471480016.596:3631): avc: denied { write } for pid=27308 comm="rpc.mountd" name="nfsd.export" dev="proc" ino=4026532417 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir permissive=1', 'type=AVC msg=audit(1471480016.596:3631): avc: denied { associate } for pid=27308 comm="rpc.mountd" name="channel" scontext=system_u:object_r:sysctl_rpc_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem permissive=1', 'type=AVC msg=audit(1471480016.596:3631): avc: denied { add_name } for pid=27308 comm="rpc.mountd" name="channel" scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:sysctl_rpc_t:s0 tclass=dir permissive=1']
Updated by David Galloway over 7 years ago
- Project changed from sepia to Ceph
Not a result of environmental issue or system misconfiguration.
Updated by Greg Farnum over 7 years ago
- Project changed from Ceph to CephFS
- Category set to NFS (Linux Kernel)
- Status changed from New to Need More Info
- Assignee set to Yuri Weinstein
- Priority changed from Urgent to Normal
I don't think CephFS/knfs tests and SELinux ever worked on Hammer. Yuri, can you find evidence they did or else close this?
Updated by Yuri Weinstein over 7 years ago
the suite defensively passed in previous point releases
http://pulpito.ovh.sepia.ceph.com:8081/teuthology-2016-04-24_20:10:01-knfs-hammer-testing-basic-openstack/
but we have no logs saved for this
Updated by Yuri Weinstein over 7 years ago
- Status changed from Need More Info to Closed
per IRC
(09:54:34 AM) yuriw: loicd dgalloway can we say that old tests for hammer ran in ovh never had SELinux enabled ?
(09:58:06 AM) zackc: yuriw: unless something changed, we haven't used selinux on VMs before
(09:54:34 AM) yuriw: loicd dgalloway can we say that old tests for hammer ran in ovh never had SELinux enabled ? (09:58:06 AM) zackc: yuriw: unless something changed, we haven't used selinux on VMs before
So irrelevant for hammer
Updated by Yuri Weinstein over 7 years ago
- Related to Bug #17192: "SELinux denials" in knfs-master-testing-basic-smithi added
Actions