Bug #46424

closed

[RGW]: avc denial observed for pid=13757 comm="radosgw" on starting RabbitMQ at port 5672

Added by Kaleb KEITHLEY almost 4 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Normal
Target version:
% Done: 0%
Source:
Tags:
Backport: nautilus octopus
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

https://bugzilla.redhat.com/show_bug.cgi?id=1854083

On starting the RabbitMQ broker on port 5672, observed avc denied for pid=13757 comm="radosgw" at rabbitmq_port = 5672

logs:
------
type=USER_START msg=audit(1593512305.539:17041): pid=15297 uid=0 auid=0 ses=939 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_unix acct="rabbitmq" exe="/usr/sbin/runuser" hostname=buckeye.lab.eng.blr.redhat.com addr=? terminal=pts/0 res=success'
type=AVC msg=audit(1593512311.071:17042): avc: denied { name_connect } for pid=13757 comm="radosgw" dest=5672 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket permissive=1

Similar results observed with http_server running at port 8000:

logs:

type=AVC msg=audit(1593695762.198:18299): avc: denied { name_connect } for pid=13757 comm="http_manager" dest=8000 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:soundd_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1593695762.198:18299): arch=c000003e syscall=42 success=no exit=-115 a0=bb a1=7f3f496e4170 a2=10 a3=7f3f496e3a60 items=0 ppid=1 pid=13757 auid=4294967295 uid=167 gid=167 euid=167 suid=167 fsuid=167 egid=167 sgid=167 fsgid=167 tty=(none) ses=4294967295 comm="http_manager" exe="/usr/bin/radosgw" subj=system_u:system_r:ceph_t:s0 key=(null)

Version-Release number of selected component (if applicable):
ceph version 14.2.8-79.el7cp (2d4542a7b3632dd9a7b09b5700f711e8016a94fd) nautilus (stable)

Additional info:

SELinux is set to enforcing mode.


Related issues 2 (0 open, 2 closed)

Copied to rgw - Backport #46457: octopus: [RGW]: avc denial observed for pid=13757 comm="radosgw" on starting RabbitMQ at port 5672 - Resolved - Nathan Cutler
Copied to rgw - Backport #46458: nautilus: [RGW]: avc denial observed for pid=13757 comm="radosgw" on starting RabbitMQ at port 5672 - Resolved - Nathan Cutler

#2

Updated by Kaleb KEITHLEY almost 4 years ago

  • Backport set to nautilus octopus

#3

Updated by Casey Bodley almost 4 years ago

  • Status changed from In Progress to Pending Backport
  • Pull request ID set to 35983

#4

Updated by Nathan Cutler almost 4 years ago

  • Copied to Backport #46457: octopus: [RGW]: avc denial observed for pid=13757 comm="radosgw" on starting RabbitMQ at port 5672 added

#5

Updated by Nathan Cutler almost 4 years ago

  • Copied to Backport #46458: nautilus: [RGW]: avc denial observed for pid=13757 comm="radosgw" on starting RabbitMQ at port 5672 added

#6

Updated by Nathan Cutler over 3 years ago

  • Status changed from Pending Backport to Resolved

While running with --resolve-parent, the script "backport-create-issue" noticed that all backports of this issue are in status "Resolved" or "Rejected".
