Actions
Bug #20184
closedSELinux denials (the files in /var/log/ceph get mislabeled)
% Done:
0%
Source:
Q/A
Tags:
Backport:
kraken, jewel
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Run: http://pulpito.ceph.com/yuriw-2017-06-03_15:35:34-rados-wip-yuri-testing_2017_7_4---basic-smithi/
Logs: http://qa-proxy.ceph.com/teuthology/yuriw-2017-06-03_15:35:34-rados-wip-yuri-testing_2017_7_4---basic-smithi/1259202/teuthology.log
SELinuxError: SELinux denials found on ubuntu@smithi139.front.sepia.ceph.com: ['type=AVC msg=audit(1496504537.958:52827): avc: denied { open } for pid=242759 comm="ceph-mon" path="/var/log/ceph/ceph-mon.smithi139.log" dev="sda1" ino=7080364 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file', 'type=AVC msg=audit(1496504527.770:52792): avc: denied { create } for pid=242598 comm="ceph-mon" name="ceph-mon.smithi139.log" scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file', 'type=AVC msg=audit(1496504527.770:52792): avc: denied { write } for pid=242598 comm="ceph-mon" name="ceph" dev="sda1" ino=7080331 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir', 'type=AVC msg=audit(1496504527.770:52792): avc: denied { open } for pid=242598 comm="ceph-mon" path="/var/log/ceph/ceph-mon.smithi139.log" dev="sda1" ino=7080364 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file', 'type=AVC msg=audit(1496504527.770:52792): avc: denied { add_name } for pid=242598 comm="ceph-mon" name="ceph-mon.smithi139.log" scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir'] 2017-06-03T15:52:59.760 DEBUG:teuthology.run_tasks:Unwinding manager pcp
Updated by Boris Ranto almost 7 years ago
- Status changed from New to Fix Under Review
- Assignee set to Boris Ranto
- Backport set to kraken, jewel
Updated by Boris Ranto almost 7 years ago
This happened because the ceph-base was only required for runtime (not %post) and we were using ceph-disk from ceph-base to relabel. That randomly failed because the order of the installation of these two packages was random.
Updated by Boris Ranto almost 7 years ago
Upstream PR:
Updated by Boris Ranto almost 7 years ago
- Status changed from Fix Under Review to Pending Backport
Updated by Nathan Cutler almost 7 years ago
- Copied to Backport #20191: kraken: SELinux denials (the files in /var/log/ceph get mislabeled) added
Updated by Nathan Cutler almost 7 years ago
- Copied to Backport #20192: jewel: SELinux denials (the files in /var/log/ceph get mislabeled) added
Updated by Nathan Cutler over 6 years ago
- Status changed from Pending Backport to Resolved
Actions