Bug #11560
closedforeman-debug to skip USER_AVC SELinux audit "denials"
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1209794
Description of problem:
foreman-debug checking for SELinux denials wrongly reports also USER_AVC records like below example. Those are logs of policy load and not real denials. foreman-debug then wrongly reports "DENIALS: 12" to stdout.
Version-Release number of selected component (if applicable):
foreman-debug-1.7.2.15-1.el7sat.noarch
How reproducible:
100%
Steps to Reproduce:
1. e.g. on freshly installed RHEL7.1 and Sat6.1 (most probably reproducible anywhere), run foreman-debug
2. Check it's output and selinux_denials.log it generates
Actual results:
foreman-debug output having:
HOSTNAME: pmoravec-sat61.gsslab.brq.redhat.com
OS: redhat
RELEASE: Red Hat Enterprise Linux Server release 7.1 (Maipo)
FOREMAN: 1.7.2
RUBY: ruby 2.0.0p598 (2014-11-13) [x86_64-linux]
PUPPET: 3.6.2
DENIALS: 12
selinux_denials.log having 12 records like:
time->Wed Apr 8 09:31:02 2015
type=USER_AVC msg=audit(1428478262.651:1213): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=11) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
Expected results:
foreman-debug output to have "DENIALS: 0"
selinux_denials.log without the USER_AVC logs
Additional info:
/me not sure what all audit logs could be of USER_AVC type, or if there could be also real denials. But definitely the above logs are not SELinux denials and should not be reported as such by foreman-debug.