Project

General

Profile

Bug #46300

SELinux: denied { module_request } for comm="ksmtuned" kmod="binfmt-464c" scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:system_r:kernel_t:s0

Added by Sebastian Wagner over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Category:
-
% Done:

0%

Source:
Q/A
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

https://pulpito.ceph.com/swagner-2020-07-01_10:16:24-rados:cephadm-wip-swagner3-testing-2020-07-01-1013-distro-basic-smithi/5194327/

Saw this today in a PR run:

2020-07-01T11:23:01.692 INFO:teuthology.orchestra.run.smithi071:> sudo grep -a 'avc: .*denied' /var/log/audit/audit.log | grep -av '\(comm="dmidecode"\|chronyd.service\|name="cephtest"\|scontext=system_u:system_r:nrpe_t:s0\|scontext=system_u:system_r:pcp_pmlogger_t\|scontext=system_u:system_r:pcp_pmcd_t:s0\|comm="rhsmd"\|scontext=system_u:system_r:syslogd_t:s0\|tcontext=system_u:system_r:nrpe_t:s0\|comm="updatedb"\|comm="smartd"\|comm="rhsmcertd-worke"\|comm="setroubleshootd"\|comm="rpm"\|tcontext=system_u:object_r:container_runtime_exec_t:s0\|scontext=system_u:system_r:logrotate_t:s0\)'
2020-07-01T11:23:01.722 DEBUG:teuthology.orchestra.run:got remote process result: 1
2020-07-01T11:23:01.723 ERROR:teuthology.run_tasks:Manager failed: selinux
Traceback (most recent call last):
  File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/run_tasks.py", line 171, in run_tasks
    suppress = manager.__exit__(*exc_info)
  File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/task/__init__.py", line 136, in __exit__
    self.teardown()
  File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/task/selinux.py", line 158, in teardown
    self.get_new_denials()
  File "/home/teuthworker/src/git.ceph.com_git_teuthology_master/teuthology/task/selinux.py", line 208, in get_new_denials
    denials=new_denials[remote.name])
teuthology.exceptions.SELinuxError: SELinux denials found on ubuntu@smithi174.front.sepia.ceph.com: ['type=AVC msg=audit(1593601294.109:4683): avc:  denied  { module_request } for  pid=18957 comm="ksmtuned" kmod="binfmt-464c" scontext=system_u:system_r:ksmtuned_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=1']

no clue where this comes from. Might be related to the PRs I tested, but seems unrelated:

History

#1 Updated by Nathan Cutler over 3 years ago

Boris Ranto and/or Brad Hubbard might be able to help.

#2 Updated by Patrick Donnelly over 3 years ago

  • Project changed from RADOS to teuthology
  • Status changed from New to In Progress
  • Assignee set to Patrick Donnelly

/ceph/teuthology-archive/pdonnell-2020-07-17_01:51:48-fs-wip-pdonnell-testing-20200717.003135-distro-basic-smithi/5233317/teuthology.log

#3 Updated by Patrick Donnelly over 3 years ago

  • Status changed from In Progress to Fix Under Review

#4 Updated by Brad Hubbard over 3 years ago

This doesn't seem to be related to ceph and looks like a rhel/ksmtuned bug to me. So I think whitelisting it in teuthology is the right solution.

#5 Updated by Brad Hubbard over 3 years ago

  • Status changed from Fix Under Review to Resolved

Also available in: Atom PDF