Actions
Bug #16675
closed"SELinux denials" in ceph-deploy-jewel-distro-basic-mira
% Done:
0%
Source:
Q/A
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
ceph-deploy
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Run: http://pulpito.ceph.com/teuthology-2016-07-13_02:50:02-ceph-deploy-jewel-distro-basic-mira/
Jobs: ['312106', '312111', '312113','312108']
Logs for one: http://qa-proxy.ceph.com/teuthology/teuthology-2016-07-13_02:50:02-ceph-deploy-jewel-distro-basic-mira/312106/teuthology.log
2016-07-13T03:34:32.676 DEBUG:teuthology.run_tasks:Unwinding manager selinux
2016-07-13T03:34:32.783 INFO:teuthology.orchestra.run.mira034:Running: 'mkdir /home/ubuntu/cephtest/archive/audit && sudo cp /var/log/audit/audit.log /home/ubuntu/cephtest/archive/audit && sudo chown $USER /home/ubuntu/cephtest/archive/audit/audit.log && gzip /home/ubuntu/cephtest/archive/audit/audit.log'
2016-07-13T03:34:32.941 INFO:teuthology.orchestra.run.mira101:Running: 'mkdir /home/ubuntu/cephtest/archive/audit && sudo cp /var/log/audit/audit.log /home/ubuntu/cephtest/archive/audit && sudo chown $USER /home/ubuntu/cephtest/archive/audit/audit.log && gzip /home/ubuntu/cephtest/archive/audit/audit.log'
2016-07-13T03:34:33.092 INFO:teuthology.orchestra.run.mira101:Running: 'sudo grep \'avc: .*denied\' /var/log/audit/audit.log | grep -v \'\\(comm="dmidecode"\\|chronyd.service\\|name="cephtest"\\|scontext=system_u:system_r:nrpe_t:s0\\|scontext=system_u:system_r:pcp_pmlogger_t\\|scontext=system_u:system_r:pcp_pmcd_t:s0\\)\''
2016-07-13T03:34:33.193 DEBUG:teuthology.task.selinux:ubuntu@mira101.front.sepia.ceph.com has 3 denials
2016-07-13T03:34:33.196 INFO:teuthology.orchestra.run.mira034:Running: 'sudo grep \'avc: .*denied\' /var/log/audit/audit.log | grep -v \'\\(comm="dmidecode"\\|chronyd.service\\|name="cephtest"\\|scontext=system_u:system_r:nrpe_t:s0\\|scontext=system_u:system_r:pcp_pmlogger_t\\|scontext=system_u:system_r:pcp_pmcd_t:s0\\)\''
2016-07-13T03:34:33.296 DEBUG:teuthology.task.selinux:ubuntu@mira034.front.sepia.ceph.com has 4 denials
2016-07-13T03:34:33.296 ERROR:teuthology.run_tasks:Manager failed: selinux
Traceback (most recent call last):
File "/home/teuthworker/src/teuthology_master/teuthology/run_tasks.py", line 139, in run_tasks
suppress = manager.__exit__(*exc_info)
File "/home/teuthworker/src/teuthology_master/teuthology/task/__init__.py", line 134, in __exit__
self.teardown()
File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 144, in teardown
self.get_new_denials()
File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 192, in get_new_denials
denials=new_denials[remote.name])
SELinuxError: SELinux denials found on ubuntu@mira101.front.sepia.ceph.com: ['type=AVC msg=audit(1468406026.627:4904): avc: denied { read } for pid=29323 comm="signal_handler" name="cmdline" dev="proc" ino=7392 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file', 'type=AVC msg=audit(1468406026.627:4903): avc: denied { read } for pid=29519 comm="signal_handler" name="cmdline" dev="proc" ino=7392 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file', 'type=AVC msg=audit(1468406026.627:4903): avc: denied { open } for pid=29519 comm="signal_handler" path="/proc/1/cmdline" dev="proc" ino=7392 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file']
Updated by Yuri Weinstein almost 8 years ago
- Priority changed from Normal to Urgent
http://pulpito.ceph.com/teuthology-2016-07-17_02:50:02-ceph-deploy-jewel-distro-basic-mira/
['319273', '319275', '319280']
['319278']
Updated by Kefu Chai almost 8 years ago
this is a regression introduced by e7c4246d
Updated by Kefu Chai almost 8 years ago
- Status changed from New to Fix Under Review
- Assignee set to Kefu Chai
Updated by Kefu Chai almost 8 years ago
- Status changed from Fix Under Review to Resolved
Actions