Actions
Bug #43229
openSELinux denials in ceph-daemon test
Status:
Fix Under Review
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
SELinux denials found on ubuntu@smithi098.front.sepia.ceph.com: ['type=AVC msg=audit(1575918661.360:7765): avc: denied { getattr } for pid=65166 comm="logrotate" path="/var/log/ceph/00000000-0000-0000-0000-0000deadbeef/ceph.audit.log" dev="sda1" ino=134911 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:container_file_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1575918661.360:7764): avc: denied { read } for pid=65166 comm="logrotate" name="00000000-0000-0000-0000-0000deadbeef" dev="sda1" ino=134899 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:container_file_t:s0 tclass=dir permissive=1' ]
/kchai-2019-12-09_12:39:45-rados-wip-kefu-testing-2019-12-09-1434-distro-basic-smithi/4584529/
Updated by Sage Weil over 4 years ago
- Status changed from New to Fix Under Review
This is the upstream container-selinux change that should resolve this:
https://github.com/containers/container-selinux/commit/67b024ddf8964c8ad9db05ac2b053f837ce32754
and the BZ
Actions