Project

General

Profile

Actions
Copy link

Bug #43396

closed

selinux denial on el8

Added by Sage Weil over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Patrick Donnelly
Category:
-
Target version:
v15.0.0
% Done:

0%

Source:
Q/A
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

SELinux denials found on : ['type=AVC msg=audit(1576786614.808:3780): avc: denied { open } for pid=15987 comm="setroubleshootd" path="/var/lib/rpm/Packages" dev="sda1" ino=61046 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.808:3782): avc: denied { map } for pid=15987 comm="setroubleshootd" path="/var/lib/rpm/Name" dev="sda1" ino=61070 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.268:3768): avc: denied { getattr } for pid=15724 comm="rhsmcertd-worke" path="/var/lib/rpm/Packages" dev="sda1" ino=61046 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.581:3778): avc: denied { unlink } for pid=15724 comm="rhsmcertd-worke" name="metadata_lock.pid" dev="sda1" ino=57312 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:rpm_var_cache_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.268:3766): avc: denied { read write } for pid=15724 comm="rhsmcertd-worke" name=".dbenv.lock" dev="sda1" ino=61154 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.337:3775): avc: denied { open } for pid=15724 comm="rhsmcertd-worke" path="/var/cache/dnf/metadata_lock.pid" dev="sda1" ino=57312 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:rpm_var_cache_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.662:3779): avc: denied { read } for pid=15724 comm="rhsmcertd-worke" name="satellite-5-client.module" dev="sda1" ino=57237 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.337:3775): avc: denied { add_name } for pid=15724 comm="rhsmcertd-worke" name="metadata_lock.pid" scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:rpm_var_cache_t:s0 tclass=dir permissive=1', 'type=AVC msg=audit(1576786614.439:3776): avc: denied { open } for pid=15724 comm="rhsmcertd-worke" path="/var/cache/dnf/epel-fafd94c310c51e1e/metalink.xml" dev="sda1" ino=262189 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:rpm_var_cache_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.808:3780): avc: denied { read } for pid=15987 comm="setroubleshootd" name="Packages" dev="sda1" ino=61046 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.337:3775): avc: denied { create } for pid=15724 comm="rhsmcertd-worke" name="metadata_lock.pid" scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:rpm_var_cache_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.808:3781): avc: denied { lock } for pid=15987 comm="setroubleshootd" path="/var/lib/rpm/Packages" dev="sda1" ino=61046 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.268:3767): avc: denied { lock } for pid=15724 comm="rhsmcertd-worke" path="/var/lib/rpm/.dbenv.lock" dev="sda1" ino=61154 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.337:3774): avc: denied { open } for pid=15724 comm="rhsmcertd-worke" path="/var/log/hawkey.log" dev="sda1" ino=60817 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.268:3766): avc: denied { open } for pid=15724 comm="rhsmcertd-worke" path="/var/lib/rpm/.dbenv.lock" dev="sda1" ino=61154 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.662:3779): avc: denied { open } for pid=15724 comm="rhsmcertd-worke" path="/etc/dnf/modules.d/satellite-5-client.module" dev="sda1" ino=57237 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.333:3773): avc: denied { map } for pid=15724 comm="rhsmcertd-worke" path="/var/lib/rpm/Name" dev="sda1" ino=61070 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1', 'type=AVC msg=audit(1576786614.337:3775): avc: denied { write } for pid=15724 comm="rhsmcertd-worke" name="dnf" dev="sda1" ino=60792 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:rpm_var_cache_t:s0 tclass=dir permissive=1', 'type=AVC msg=audit(1576786614.581:3778): avc: denied { remove_name } for pid=15724 comm="rhsmcertd-worke" name="metadata_lock.pid" dev="sda1" ino=57312 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:rpm_var_cache_t:s0 tclass=dir permissive=1', 'type=AVC msg=audit(1576786614.464:3777): avc: denied { setattr } for pid=15724 comm="rhsmcertd-worke" name="6e2fe611f78ac434c2918bac1eec468dbd24c9b4cdb65bf6a744d10f764f3284-primary.xml.gz" dev="sda1" ino=262155 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=unconfined_u:object_r:rpm_var_cache_t:s0 tclass=file permissive=1']

/a/sage-2019-12-19_19:10:50-rados-master-distro-basic-smithi/4615422

Actions
Copy link

Also available in: Atom PDF