Project

General

Profile

Actions
Copy link

Bug #21145

closed

smithi selinux logrotate warnings

Added by Sage Weil over 6 years ago. Updated over 5 years ago.

Status:
Can't reproduce
Priority:
High
Assignee:
David Galloway
Category:
Test Node
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

SELinux denials found on : ['type=AVC msg=audit(1503805441.662:32347): avc: denied { unlink } for pid=28521 comm="logrotate" name="logrotate.status" dev="sda1" ino=27266987 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file', 'type=AVC msg=audit(1503805441.613:32345): avc: denied { create } for pid=28521 comm="logrotate" name="logrotate.status.tmp" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file', 'type=AVC msg=audit(1503805441.613:32345): avc: denied { write } for pid=28521 comm="logrotate" path="/var/lib/logrotate/logrotate.status.tmp" dev="sda1" ino=27266690 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file', 'type=AVC msg=audit(1503805441.543:32344): avc: denied { open } for pid=28521 comm="logrotate" path="/var/lib/logrotate/logrotate.status" dev="sda1" ino=27266987 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file', 'type=AVC msg=audit(1503805441.662:32347): avc: denied { rename } for pid=28521 comm="logrotate" name="logrotate.status.tmp" dev="sda1" ino=27266690 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file', 'type=AVC msg=audit(1503805441.613:32346): avc: denied { setattr } for pid=28521 comm="logrotate" name="logrotate.status.tmp" dev="sda1" ino=27266690 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file', 'type=AVC msg=audit(1503805441.543:32344): avc: denied { read } for pid=28521 comm="logrotate" name="logrotate.status" dev="sda1" ino=27266987 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file']

/a/sage-2017-08-26_20:38:41-rados-luminous-distro-basic-smithi/1568111

Actions
Copy link
 #1

Updated by David Galloway over 6 years ago

  • Category set to Test Node
  • Status changed from New to 4
  • Assignee set to David Galloway

The selinux audit logs have already cycled through by now on that testnode and I can't reproduce the issue.

I did find https://bugzilla.redhat.com/show_bug.cgi?id=1422424 which seems to be the problem but we're already on the latest selinux-policy package on all centos testnodes and have been for weeks.

Actions
Copy link
 #2

Updated by David Galloway over 5 years ago

  • Status changed from 4 to Can't reproduce
Actions
Copy link

Also available in: Atom PDF