Bug #14244
closed
"SELinux denials found" in rados-jewel-distro-basic-smithi
Added by Yuri Weinstein over 8 years ago.
Updated about 8 years ago.
Description
Run: http://pulpito.ceph.com/teuthology-2016-01-02_19:00:08-rados-jewel-distro-basic-smithi/
Jobs: ['11937', '11938', '11965']
Logs: http://qa-proxy.ceph.com/teuthology/teuthology-2016-01-02_19:00:08-rados-jewel-distro-basic-smithi/11937/teuthology.log
2016-01-04T11:04:58.581 DEBUG:teuthology.task.selinux:ubuntu@smithi012.front.sepia.ceph.com has 1 denials
2016-01-04T11:04:58.582 ERROR:teuthology.run_tasks:Manager failed: selinux
Traceback (most recent call last):
File "/home/teuthworker/src/teuthology_master/teuthology/run_tasks.py", line 125, in run_tasks
suppress = manager.__exit__(*exc_info)
File "/home/teuthworker/src/teuthology_master/teuthology/task/__init__.py", line 134, in __exit__
self.teardown()
File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 110, in teardown
self.get_new_denials()
File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 158, in get_new_denials
denials=new_denials[remote.name])
SELinuxError: SELinux denials found on ubuntu@smithi012.front.sepia.ceph.com: ['type=AVC msg=audit(1451931237.151:8195): avc: denied { search } for pid=30751 comm=72733A6D61696E20513A526567 name="cephtest" dev="sda1" ino=8650942 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir']
- Priority changed from Normal to High
- Affected Versions v0.21.1 added
Looks like the issue could be resolved by requireing a new version of chrony, we've got access to it in base package repo
[ubuntu@smithi012 ~]$ lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 7.1.1503 (Core)
Release: 7.1.1503
Codename: Core
[ubuntu@smithi012 ~]$ rpm -qa | grep chrony
chrony-1.29.1-1.el7.centos.x86_64
[ubuntu@smithi012 ~]$
=============================
[ubuntu@smithi012 ~]$ yum info chrony
Loaded plugins: fastestmirror, langpacks, priorities
base | 3.6 kB 00:00:00
centos7-fcgi-ceph | 951 B 00:00:00
epel | 4.3 kB 00:00:00
extras | 3.4 kB 00:00:00
lab-extras | 951 B 00:00:00
updates | 3.4 kB 00:00:00
Determining fastest mirrors
* base: mirror.symnds.com
* epel: fedora-epel.mirror.lstn.net
* extras: mirror.symnds.com
* updates: mirror.symnds.com
centos7-fcgi-ceph 3/3
lab-extras 2/2
Installed Packages
Name : chrony
Arch : x86_64
Version : 1.29.1
Release : 1.el7.centos
Size : 554 k
Repo : installed
From repo : anaconda
Summary : An NTP client/server
URL : http://chrony.tuxfamily.org
License : GPLv2
Description : A client/server for the Network Time Protocol, this program keeps your
: computer's clock accurate. It was specially designed to support
: systems with intermittent internet connections, but it also works well
: in permanently connected environments. It can use also hardware reference
: clocks, system real-time clock or manual input as time references.
Available Packages
Name : chrony
Arch : x86_64
Version : 2.1.1
Release : 1.el7.centos
Size : 280 k
Repo : base/7/x86_64
Summary : An NTP client/server
URL : http://chrony.tuxfamily.org
License : GPLv2
Description : A client/server for the Network Time Protocol, this program keeps your
: computer's clock accurate. It was specially designed to support
: systems with intermittent internet connections, but it also works well
: in permanently connected environments. It can use also hardware reference
: clocks, system real-time clock or manual input as time references.
[ubuntu@smithi012 ~]$
- Priority changed from High to Urgent
- Related to Bug #14660: selinux denials during rbd test run added
- Status changed from New to Fix Under Review
Is anyone tracking the actual chrony
bug/fix?
- Status changed from Fix Under Review to Resolved
Also available in: Atom
PDF