Actions
Bug #43229
openSELinux denials in ceph-daemon test
Status:
Fix Under Review
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
SELinux denials found on ubuntu@smithi098.front.sepia.ceph.com:
['type=AVC msg=audit(1575918661.360:7765):
avc: denied { getattr } for
pid=65166
comm="logrotate"
path="/var/log/ceph/00000000-0000-0000-0000-0000deadbeef/ceph.audit.log"
dev="sda1"
ino=134911
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023
tcontext=system_u:object_r:container_file_t:s0 tclass=file permissive=1',
'type=AVC msg=audit(1575918661.360:7764):
avc: denied { read } for
pid=65166
comm="logrotate"
name="00000000-0000-0000-0000-0000deadbeef"
dev="sda1"
ino=134899
scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023
tcontext=system_u:object_r:container_file_t:s0
tclass=dir permissive=1'
]
/kchai-2019-12-09_12:39:45-rados-wip-kefu-testing-2019-12-09-1434-distro-basic-smithi/4584529/
Updated by Sage Weil over 4 years ago
- Status changed from New to Fix Under Review
This is the upstream container-selinux change that should resolve this:
https://github.com/containers/container-selinux/commit/67b024ddf8964c8ad9db05ac2b053f837ce32754
and the BZ
Actions