Bug #63518

closed

SELinux denial in rados/standalone job

Added by Laura Flores 6 months ago. Updated 6 months ago.

Status: Duplicate
Priority: Normal
Assignee: -
% Done: 0%
Source:
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

/a/yuriw-2023-11-10_18:18:41-rados-wip-yuri3-testing-2023-11-09-1355-quincy-distro-default-smithi/7454517

2023-11-10T23:08:34.442 DEBUG:teuthology.orchestra.run.smithi042:> mkdir /home/ubuntu/cephtest/archive/audit && sudo cp /var/log/audit/audit.log /home/ubuntu/cephtest/archive/audit && sudo chown $USER /home/ubuntu/cephtest/archive/audit/audit.log && gzip /home/ubuntu/cephtest/archive/audit/audit.log
2023-11-10T23:08:34.537 DEBUG:teuthology.orchestra.run.smithi042:> sudo grep -a 'avc: .*denied' /var/log/audit/audit.log | grep -av -e 'comm="dmidecode"' -e chronyd.service -e 'name="cephtest"' -e scontext=system_u:system_r:nrpe_t:s0 -e scontext=system_u:system_r:pcp_pmlogger_t -e scontext=system_u:system_r:pcp_pmcd_t:s0 -e 'comm="rhsmd"' -e scontext=system_u:system_r:syslogd_t:s0 -e tcontext=system_u:system_r:nrpe_t:s0 -e 'comm="updatedb"' -e 'comm="smartd"' -e 'comm="rhsmcertd-worke"' -e 'comm="setroubleshootd"' -e 'comm="rpm"' -e tcontext=system_u:object_r:container_runtime_exec_t:s0 -e 'comm="ksmtuned"' -e 'comm="sssd"' -e 'comm="sss_cache"' -e context=system_u:system_r:NetworkManager_dispatcher_t:s0
2023-11-10T23:08:34.567 INFO:teuthology.orchestra.run.smithi042.stdout:type=AVC msg=audit(1699647988.925:205): avc:  denied  { node_bind } for  pid=1942 comm="ping" saddr=172.21.15.42 scontext=system_u:system_r:ping_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=icmp_socket permissive=1
2023-11-10T23:08:34.568 DEBUG:teuthology.task.selinux:ubuntu@smithi042.front.sepia.ceph.com has 1 denials
2023-11-10T23:08:34.568 ERROR:teuthology.run_tasks:Manager failed: selinux
Traceback (most recent call last):
  File "/home/teuthworker/src/git.ceph.com_teuthology_6899cd26fceddb2fec83dc1a1349394b28c8998e/teuthology/run_tasks.py", line 154, in run_tasks
    suppress = manager.__exit__(*exc_info)
  File "/home/teuthworker/src/git.ceph.com_teuthology_6899cd26fceddb2fec83dc1a1349394b28c8998e/teuthology/task/__init__.py", line 136, in __exit__
    self.teardown()
  File "/home/teuthworker/src/git.ceph.com_teuthology_6899cd26fceddb2fec83dc1a1349394b28c8998e/teuthology/task/selinux.py", line 166, in teardown
    self.get_new_denials()
  File "/home/teuthworker/src/git.ceph.com_teuthology_6899cd26fceddb2fec83dc1a1349394b28c8998e/teuthology/task/selinux.py", line 215, in get_new_denials
    raise SELinuxError(node=remote,
teuthology.exceptions.SELinuxError: SELinux denials found on ubuntu@smithi042.front.sepia.ceph.com: ['type=AVC msg=audit(1699647988.925:205): avc:  denied  { node_bind } for  pid=1942 comm="ping" saddr=172.21.15.42 scontext=system_u:system_r:ping_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=icmp_socket permissive=1']


Related issues 1 (1 open, 0 closed)

Is duplicate of Infrastructure - Bug #55443: "SELinux denials found.." in rados run (New, Brad Hubbard)

#1

Updated by Laura Flores 6 months ago

  • Status changed from New to Duplicate
#2

Updated by Laura Flores 6 months ago

  • Is duplicate of Bug #55443: "SELinux denials found.." in rados run added