Bug #44216
closedNautilus: selinux denials SELinuxError for ceph_mgr on httpd
0%
Description
Run: http://pulpito.ceph.com/yuriw-2020-02-18_16:25:00-ceph-deploy-nautilus-distro-basic-mira/
Jobs: '4778014', '4778022', '4778034', '4778018', '4778062', '4778042', '4778044', '4778010', '4778026', '4778046', '4778054', '4778030', '4778038', '4778066'
Logs: http://qa-proxy.ceph.com/teuthology/yuriw-2020-02-18_16:25:00-ceph-deploy-nautilus-distro-basic-mira/4778010/teuthology.log
2020-02-18T18:14:45.008 INFO:teuthology.orchestra.run.mira084.stdout:type=AVC msg=audit(1582049526.898:5431): avc: denied { search } for pid=2310 comm="ceph-mgr" name="httpd" dev="sda1" ino=82020 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir permissive=1
2020-02-18T18:14:45.025 DEBUG:teuthology.task.selinux:ubuntu@mira084.front.sepia.ceph.com has 1 denials
2020-02-18T18:14:45.026 ERROR:teuthology.run_tasks:Manager failed: selinux
Traceback (most recent call last):
File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/run_tasks.py", line 159, in run_tasks
suppress = manager.__exit__(*exc_info)
File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/task/__init__.py", line 136, in __exit__
self.teardown()
File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/task/selinux.py", line 158, in teardown
self.get_new_denials()
File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/task/selinux.py", line 208, in get_new_denials
denials=new_denials[remote.name])
SELinuxError: SELinux denials found on ubuntu@mira107.front.sepia.ceph.com: ['type=AVC msg=audit(1582049398.726:5723): avc: denied { getattr } for pid=3862
Updated by Brad Hubbard about 4 years ago
- Is duplicate of Bug #24220: luminous: selinux denials from ceph-osd and ms_dispatch/httpd added
Updated by Brad Hubbard about 4 years ago
- Is duplicate of deleted (Bug #24220: luminous: selinux denials from ceph-osd and ms_dispatch/httpd)
Updated by Brad Hubbard about 4 years ago
- Related to Bug #24220: luminous: selinux denials from ceph-osd and ms_dispatch/httpd added
Updated by Brad Hubbard about 4 years ago
- Subject changed from selinux denials SELinuxError for "ms_dispatch" to selinux denials SELinuxError for ceph_mgr on httpd
Updated by Brad Hubbard about 4 years ago
- Status changed from New to In Progress
- Assignee set to Brad Hubbard
- Source set to Q/A
- ceph-qa-suite ceph-ansible added
Updated by Brad Hubbard about 4 years ago
- Subject changed from selinux denials SELinuxError for ceph_mgr on httpd to Nautilus: selinux denials SELinuxError for ceph_mgr on httpd
- Backport set to mimic, luminous
This does not appear to affect master or octopus but does show up on nautilus, mimic, and luminous.
It occurs when the manager loads a module that depends on cherrypy. Cherrypi itself loads the mimetypes module which scans the /etc/httpd/ directory (amongst others). See https://github.com/python/cpython/blob/master/Lib/mimetypes.py#L42
Updated by Brad Hubbard about 4 years ago
- Status changed from In Progress to Pending Backport
- Pull request ID set to 34434
Updated by Brad Hubbard about 4 years ago
- Copied to Backport #44983: mimic: Nautilus: selinux denials SELinuxError for ceph_mgr on httpd added
Updated by Brad Hubbard about 4 years ago
- Copied to Backport #44984: luminous: Nautilus: selinux denials SELinuxError for ceph_mgr on httpd added
Updated by Nathan Cutler about 4 years ago
- Status changed from Pending Backport to Resolved
While running with --resolve-parent, the script "backport-create-issue" noticed that all backports of this issue are in status "Resolved" or "Rejected".