Actions
Bug #14660
closedselinux denials during rbd test run
% Done:
0%
Source:
other
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Following denails are seen for ceph-osd during rbd test with ceph-deploy
SELinuxError: SELinux denials found on ubuntu@vpm130.front.sepia.ceph.com: ['type=AVC msg=audit(1454631049.211:348): avc: denied { ioctl } for pid=7958 comm=72733A6D61696E20513A526567 path="/home/ubuntu/cephtest/archive/syslog/kern.log" dev="vda1" ino=184549511 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file', 'type=AVC msg=audit(1454631040.829:307): avc: denied { search } for pid=7958 comm=72733A6D61696E20513A526567 name="cephtest" dev="vda1" ino=159383848 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir', 'type=AVC msg=audit(1454633044.929:3772): avc: denied { read } for pid=21665 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file', 'type=AVC msg=audit(1454632968.211:3627): avc: denied { read } for pid=19972 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file', 'type=AVC msg=audit(1454631040.829:306): avc: denied { search } for pid=7958 comm=72733A6D61696E20513A526567 name="cephtest" dev="vda1" ino=159383848 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir', 'type=AVC msg=audit(1454633046.524:3780): avc: denied { read } for pid=21833 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file', 'type=AVC msg=audit(1454631040.854:312): avc: denied { ioctl } for pid=7958 comm=72733A6D61696E20513A526567 path="/home/ubuntu/cephtest/archive/syslog/misc.log" dev="vda1" ino=184549512 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file', 'type=AVC msg=audit(1454631730.990:2133): avc: denied { ioctl } for pid=12525 comm=72733A6D61696E20513A526567 path="/home/ubuntu/cephtest/archive/syslog/kern.log" dev="vda1" ino=184549511 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file', 'type=AVC msg=audit(1454631040.854:311): avc: denied { open } for pid=7958 comm=72733A6D61696E20513A526567 path="/home/ubuntu/cephtest/archive/syslog/misc.log" dev="vda1" ino=184549512 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file', 'type=AVC msg=audit(1454633048.348:3782): avc: denied { getattr } for pid=22015 comm="ceph-osd" path="/dev/sr0" dev="devtmpfs" ino=8749 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file', 'type=AVC msg=audit(1454632967.188:3624): avc: denied { dac_override } for pid=19864 comm="ceph-osd" capability=1 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability', 'type=AVC msg=audit(1454631040.485:293): avc: denied { search } for pid=7958 comm=72733A6D61696E20513A526567 name="cephtest" dev="vda1" ino=159383848 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir', 'type=AVC msg=audit(1454631657.447:2125): avc: denied { ioctl } for pid=12525 comm=72733A6D61696E20513A526567 path="/home/ubuntu/cephtest/archive/syslog/misc.log" dev="vda1" ino=184549512 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file', 'type=AVC msg=audit(1454631040.485:294): avc: denied { search } for pid=7958 comm=72733A6D61696E20513A526567 name="cephtest" dev="vda1" ino=159383848 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir', 'type=AVC msg=audit(1454631049.211:347): avc: denied { open } for pid=7958 comm=72733A6D61696E20513A526567 path="/home/ubuntu/cephtest/archive/syslog/kern.log" dev="vda1" ino=184549511 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file', 'type=AVC msg=audit(1454632971.258:3634): avc: denied { getattr } for pid=20305 comm="ceph-osd" path="/dev/sr0" dev="devtmpfs" ino=8749 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file', 'type=AVC msg=audit(1454632969.542:3632): avc: denied { read } for pid=20090 comm="ceph-osd" path="/run/lock/ceph-disk" dev="tmpfs" ino=86917 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file', 'type=AVC msg=audit(1454632971.385:3635): avc: denied { dac_override } for pid=20353 comm="ceph-osd" capability=1 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability', 'type=AVC msg=audit(1454631040.829:305): avc: denied { search } for pid=7958 comm=72733A6D61696E20513A526567 name="cephtest" dev="vda1" ino=159383848 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir', 'type=AVC msg=audit(1454631730.990:2132): avc: denied { open } for pid=12525 comm=72733A6D61696E20513A526567 path="/home/ubuntu/cephtest/archive/syslog/kern.log" dev="vda1" ino=184549511 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file', 'type=AVC msg=audit(1454633045.627:3777): avc: denied { dac_override } for pid=21709 comm="ceph-osd" capability=1 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability', 'type=AVC msg=audit(1454632981.199:3759): avc: denied { dac_override } for pid=20811 comm="ceph-osd" capability=1 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability', 'type=AVC msg=audit(1454632980.825:3756): avc: denied { dac_override } for pid=20786 comm="ceph-osd" capability=1 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability', 'type=AVC msg=audit(1454633048.389:3783): avc: denied { dac_override } for pid=22052 comm="ceph-osd" capability=1 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability', 'type=AVC msg=audit(1454631657.447:2124): avc: denied { open } for pid=12525 comm=72733A6D61696E20513A526567 path="/home/ubuntu/cephtest/archive/syslog/misc.log" dev="vda1" ino=184549512 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file', 'type=AVC msg=audit(1454632903.971:3609): avc: denied { dac_override } for pid=19076 comm="ceph-osd" capability=1 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability']
Actions