Project

General

Profile

Bug #16675

"SELinux denials" in ceph-deploy-jewel-distro-basic-mira

Added by Yuri Weinstein about 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Category:
-
Target version:
-
% Done:

0%

Source:
Q/A
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
ceph-deploy
Pull request ID:
Crash signature:

Description

Run: http://pulpito.ceph.com/teuthology-2016-07-13_02:50:02-ceph-deploy-jewel-distro-basic-mira/
Jobs: ['312106', '312111', '312113','312108']
Logs for one: http://qa-proxy.ceph.com/teuthology/teuthology-2016-07-13_02:50:02-ceph-deploy-jewel-distro-basic-mira/312106/teuthology.log

2016-07-13T03:34:32.676 DEBUG:teuthology.run_tasks:Unwinding manager selinux
2016-07-13T03:34:32.783 INFO:teuthology.orchestra.run.mira034:Running: 'mkdir /home/ubuntu/cephtest/archive/audit && sudo cp /var/log/audit/audit.log /home/ubuntu/cephtest/archive/audit && sudo chown $USER /home/ubuntu/cephtest/archive/audit/audit.log && gzip /home/ubuntu/cephtest/archive/audit/audit.log'
2016-07-13T03:34:32.941 INFO:teuthology.orchestra.run.mira101:Running: 'mkdir /home/ubuntu/cephtest/archive/audit && sudo cp /var/log/audit/audit.log /home/ubuntu/cephtest/archive/audit && sudo chown $USER /home/ubuntu/cephtest/archive/audit/audit.log && gzip /home/ubuntu/cephtest/archive/audit/audit.log'
2016-07-13T03:34:33.092 INFO:teuthology.orchestra.run.mira101:Running: 'sudo grep \'avc: .*denied\' /var/log/audit/audit.log | grep -v \'\\(comm="dmidecode"\\|chronyd.service\\|name="cephtest"\\|scontext=system_u:system_r:nrpe_t:s0\\|scontext=system_u:system_r:pcp_pmlogger_t\\|scontext=system_u:system_r:pcp_pmcd_t:s0\\)\''
2016-07-13T03:34:33.193 DEBUG:teuthology.task.selinux:ubuntu@mira101.front.sepia.ceph.com has 3 denials
2016-07-13T03:34:33.196 INFO:teuthology.orchestra.run.mira034:Running: 'sudo grep \'avc: .*denied\' /var/log/audit/audit.log | grep -v \'\\(comm="dmidecode"\\|chronyd.service\\|name="cephtest"\\|scontext=system_u:system_r:nrpe_t:s0\\|scontext=system_u:system_r:pcp_pmlogger_t\\|scontext=system_u:system_r:pcp_pmcd_t:s0\\)\''
2016-07-13T03:34:33.296 DEBUG:teuthology.task.selinux:ubuntu@mira034.front.sepia.ceph.com has 4 denials
2016-07-13T03:34:33.296 ERROR:teuthology.run_tasks:Manager failed: selinux
Traceback (most recent call last):
  File "/home/teuthworker/src/teuthology_master/teuthology/run_tasks.py", line 139, in run_tasks
    suppress = manager.__exit__(*exc_info)
  File "/home/teuthworker/src/teuthology_master/teuthology/task/__init__.py", line 134, in __exit__
    self.teardown()
  File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 144, in teardown
    self.get_new_denials()
  File "/home/teuthworker/src/teuthology_master/teuthology/task/selinux.py", line 192, in get_new_denials
    denials=new_denials[remote.name])
SELinuxError: SELinux denials found on ubuntu@mira101.front.sepia.ceph.com: ['type=AVC msg=audit(1468406026.627:4904): avc:  denied  { read } for  pid=29323 comm="signal_handler" name="cmdline" dev="proc" ino=7392 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file', 'type=AVC msg=audit(1468406026.627:4903): avc:  denied  { read } for  pid=29519 comm="signal_handler" name="cmdline" dev="proc" ino=7392 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file', 'type=AVC msg=audit(1468406026.627:4903): avc:  denied  { open } for  pid=29519 comm="signal_handler" path="/proc/1/cmdline" dev="proc" ino=7392 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file']

History

#2 Updated by Yuri Weinstein almost 4 years ago

  • Priority changed from Normal to Urgent

#3 Updated by Kefu Chai almost 4 years ago

this is a regression introduced by e7c4246d

#4 Updated by Kefu Chai almost 4 years ago

  • Status changed from New to Fix Under Review
  • Assignee set to Kefu Chai

#5 Updated by Kefu Chai almost 4 years ago

  • Status changed from Fix Under Review to Resolved

Also available in: Atom PDF