Project

General

Profile

Actions
Copy link

Bug #20184

closed

SELinux denials (the files in /var/log/ceph get mislabeled)

Added by Yuri Weinstein almost 7 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Boris Ranto
Category:
-
Target version:
-
% Done:

0%

Source:
Q/A
Tags:
Backport:
kraken, jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Run: http://pulpito.ceph.com/yuriw-2017-06-03_15:35:34-rados-wip-yuri-testing_2017_7_4---basic-smithi/
Logs: http://qa-proxy.ceph.com/teuthology/yuriw-2017-06-03_15:35:34-rados-wip-yuri-testing_2017_7_4---basic-smithi/1259202/teuthology.log

SELinuxError: SELinux denials found on ubuntu@smithi139.front.sepia.ceph.com: ['type=AVC msg=audit(1496504537.958:52827): avc:  denied  { open } for  pid=242759 comm="ceph-mon" path="/var/log/ceph/ceph-mon.smithi139.log" dev="sda1" ino=7080364 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file', 'type=AVC msg=audit(1496504527.770:52792): avc:  denied  { create } for  pid=242598 comm="ceph-mon" name="ceph-mon.smithi139.log" scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file', 'type=AVC msg=audit(1496504527.770:52792): avc:  denied  { write } for  pid=242598 comm="ceph-mon" name="ceph" dev="sda1" ino=7080331 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir', 'type=AVC msg=audit(1496504527.770:52792): avc:  denied  { open } for  pid=242598 comm="ceph-mon" path="/var/log/ceph/ceph-mon.smithi139.log" dev="sda1" ino=7080364 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file', 'type=AVC msg=audit(1496504527.770:52792): avc:  denied  { add_name } for  pid=242598 comm="ceph-mon" name="ceph-mon.smithi139.log" scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir']
2017-06-03T15:52:59.760 DEBUG:teuthology.run_tasks:Unwinding manager pcp

Related issues 2 (0 open2 closed)

Copied to Ceph - Backport #20191: kraken: SELinux denials (the files in /var/log/ceph get mislabeled)ResolvedBoris RantoActions
Copied to Ceph - Backport #20192: jewel: SELinux denials (the files in /var/log/ceph get mislabeled)ResolvedBoris RantoActions
Actions
Copy link
 #1

Updated by Boris Ranto almost 7 years ago

  • Status changed from New to Fix Under Review
  • Assignee set to Boris Ranto
  • Backport set to kraken, jewel
Actions
Copy link
 #2

Updated by Boris Ranto almost 7 years ago

This happened because the ceph-base was only required for runtime (not %post) and we were using ceph-disk from ceph-base to relabel. That randomly failed because the order of the installation of these two packages was random.

Actions
Copy link
 #4

Updated by Boris Ranto almost 7 years ago

  • Status changed from Fix Under Review to Pending Backport
Actions
Copy link
 #5

Updated by Nathan Cutler almost 7 years ago

  • Copied to Backport #20191: kraken: SELinux denials (the files in /var/log/ceph get mislabeled) added
Actions
Copy link
 #6

Updated by Nathan Cutler almost 7 years ago

  • Copied to Backport #20192: jewel: SELinux denials (the files in /var/log/ceph get mislabeled) added
Actions
Copy link
 #7

Updated by Nathan Cutler over 6 years ago

  • Status changed from Pending Backport to Resolved
Actions
Copy link

Also available in: Atom PDF