Actions
Bug #41413
closedSELinux denials in 14.2.3 RC runs
Status:
Resolved
Priority:
Urgent
Assignee:
-
Category:
-
Target version:
-
% Done:
0%
Source:
Q/A
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
rados, rbd
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Runs:
http://pulpito.ceph.com/yuriw-2019-08-23_15:09:01-rados-wip_nautilus_14.2.3_RC1-distro-basic-smithi/
http://pulpito.ceph.com/yuriw-2019-08-22_02:34:09-rbd-wip_nautilus_14.2.3_RC1-distro-basic-smithi/
Jons: manye
Logs: http://qa-proxy.ceph.com/teuthology/yuriw-2019-08-23_15:09:01-rados-wip_nautilus_14.2.3_RC1-distro-basic-smithi/4245449/teuthology.log
2019-08-23T16:34:29.250 INFO:teuthology.orchestra.run.smithi173:> sudo grep 'avc: .*denied' /var/log/audit/audit.log | grep -v '\(comm="dmidecode"\|chronyd.service\|name="cephtest"\|scontext=system_u:system_r:nrpe_t:s0\|scontext=system_u:system_r:pcp_pmlogger_t\|scontext=system_u:system_r:pcp_pmcd_t:s0\|comm="rhsmd"\|scontext=system_u:system_r:syslogd_t:s0\|tcontext=system_u:system_r:nrpe_t:s0\|comm="updatedb"\)' 2019-08-23T16:34:29.299 INFO:teuthology.orchestra.run.smithi173.stdout:type=AVC msg=audit(1566576854.565:3054): avc: denied { read } for pid=21938 comm="smartd" name="nvme0" dev="devtmpfs" ino=11574 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=1 2019-08-23T16:34:29.299 INFO:teuthology.orchestra.run.smithi173.stdout:type=AVC msg=audit(1566576854.565:3054): avc: denied { open } for pid=21938 comm="smartd" path="/dev/nvme0" dev="devtmpfs" ino=11574 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=1 2019-08-23T16:34:29.299 INFO:teuthology.orchestra.run.smithi173.stdout:type=AVC msg=audit(1566576854.565:3055): avc: denied { ioctl } for pid=21938 comm="smartd" path="/dev/nvme0" dev="devtmpfs" ino=11574 ioctlcmd=4e40 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=1 2019-08-23T16:34:29.300 DEBUG:teuthology.task.selinux:ubuntu@smithi173.front.sepia.ceph.com has 3 denials 2019-08-23T16:34:29.300 INFO:teuthology.orchestra.run.smithi107:Running: 2019-08-23T16:34:29.300 INFO:teuthology.orchestra.run.smithi107:> sudo grep 'avc: .*denied' /var/log/audit/audit.log | grep -v '\(comm="dmidecode"\|chronyd.service\|name="cephtest"\|scontext=system_u:system_r:nrpe_t:s0\|scontext=system_u:system_r:pcp_pmlogger_t\|scontext=system_u:system_r:pcp_pmcd_t:s0\|comm="rhsmd"\|scontext=system_u:system_r:syslogd_t:s0\|tcontext=system_u:system_r:nrpe_t:s0\|comm="updatedb"\)' 2019-08-23T16:34:29.348 INFO:teuthology.orchestra.run.smithi107.stdout:type=AVC msg=audit(1566576855.302:3057): avc: denied { read } for pid=21920 comm="smartd" name="nvme0" dev="devtmpfs" ino=9397 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=1 2019-08-23T16:34:29.349 INFO:teuthology.orchestra.run.smithi107.stdout:type=AVC msg=audit(1566576855.302:3057): avc: denied { open } for pid=21920 comm="smartd" path="/dev/nvme0" dev="devtmpfs" ino=9397 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=1 2019-08-23T16:34:29.349 INFO:teuthology.orchestra.run.smithi107.stdout:type=AVC msg=audit(1566576855.302:3058): avc: denied { ioctl } for pid=21920 comm="smartd" path="/dev/nvme0" dev="devtmpfs" ino=9397 ioctlcmd=4e40 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=1 2019-08-23T16:34:29.349 DEBUG:teuthology.task.selinux:ubuntu@smithi107.front.sepia.ceph.com has 3 denials 2019-08-23T16:34:29.349 ERROR:teuthology.run_tasks:Manager failed: selinux Traceback (most recent call last): File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/run_tasks.py", line 159, in run_tasks suppress = manager.__exit__(*exc_info) File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/task/__init__.py", line 136, in __exit__ self.teardown() File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/task/selinux.py", line 149, in teardown self.get_new_denials() File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/task/selinux.py", line 199, in get_new_denials denials=new_denials[remote.name]) SELinuxError: SELinux denials found on ubuntu@smithi173.front.sepia.ceph.com: ['type=AVC msg=audit(1566576854.565:3054): avc: denied { read } for pid=21938 comm="smartd" name="nvme0" dev="devtmpfs" ino=11574 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=1', 'type=AVC msg=audit(1566576854.565:3054): avc: denied { open } for pid=21938 comm="smartd" path="/dev/nvme0" dev="devtmpfs" ino=11574 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=1', 'type=AVC msg=audit(1566576854.565:3055): avc: denied { ioctl } for pid=21938 comm="smartd" path="/dev/nvme0" dev="devtmpfs" ino=11574 ioctlcmd=4e40 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:nvme_device_t:s0 tclass=chr_file permissive=1'] 2019-08-23T16:34:29.350 DEBUG:teuthology.run_tasks:Unwinding manager pcp
Actions