Bug #3895
AVC denials from Foreman 1.3 installation
Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version: -
Description
No discernible impact on the application or installation.
Dec 17 10:33:02 puma39 kernel: type=1400 audit(1387269182.837:6): avc: denied { search } for pid=18188 comm="PassengerHelper" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
Dec 17 10:33:02 puma39 kernel: type=1400 audit(1387269182.837:7): avc: denied { read } for pid=18188 comm="PassengerHelper" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 10:33:02 puma39 kernel: type=1400 audit(1387269182.837:8): avc: denied { open } for pid=18188 comm="PassengerHelper" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 10:33:14 puma39 kernel: type=1400 audit(1387269194.886:9): avc: denied { name_connect } for pid=18244 comm="ruby" dest=9090 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:websm_port_t:s0 tclass=tcp_socket
Dec 17 10:39:58 puma39 kernel: type=1400 audit(1387269598.109:10): avc: denied { name_connect } for pid=18244 comm="ruby" dest=9090 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:websm_port_t:s0 tclass=tcp_socket
Dec 17 10:40:03 puma39 kernel: type=1400 audit(1387269603.002:11): avc: denied { search } for pid=18782 comm="ps" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
Dec 17 10:40:03 puma39 kernel: type=1400 audit(1387269603.002:12): avc: denied { read } for pid=18782 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 10:40:03 puma39 kernel: type=1400 audit(1387269603.002:13): avc: denied { open } for pid=18782 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.115:14): avc: denied { relabelto } for pid=18794 comm="ruby" name="yaml" dev=dm-0 ino=15992250 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=dir
Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.128:15): avc: denied { relabelto } for pid=18794 comm="ruby" name="masterhttp.log" dev=dm-0 ino=15992648 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_log_t:s0 tclass=file
Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.136:16): avc: denied { relabelto } for pid=18794 comm="ruby" name="puma39.scl.lab.tlv.redhat.com.pem" dev=dm-0 ino=16122798 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_var_lib_t:s0 tclass=file
Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.419:17): avc: denied { name_bind } for pid=18819 comm="ruby" src=22417 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.892:18): avc: denied { execute } for pid=18823 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 10:40:22 puma39 kernel: type=1400 audit(1387269622.893:19): avc: denied { execute_no_trans } for pid=18823 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 10:42:40 puma39 kernel: type=1400 audit(1387269760.627:20): avc: denied { execute } for pid=18997 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 10:42:40 puma39 kernel: type=1400 audit(1387269760.627:21): avc: denied { execute_no_trans } for pid=18997 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 10:42:41 puma39 kernel: type=1400 audit(1387269761.702:22): avc: denied { search } for pid=19042 comm="rpm" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
Dec 17 10:42:41 puma39 kernel: type=1400 audit(1387269761.702:23): avc: denied { read } for pid=19042 comm="rpm" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 10:42:41 puma39 kernel: type=1400 audit(1387269761.702:24): avc: denied { open } for pid=19042 comm="rpm" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 10:42:43 puma39 kernel: type=1400 audit(1387269763.037:25): avc: denied { getattr } for pid=18819 comm="ruby" path="/sbin/iptables-multi-1.4.7" dev=dm-0 ino=21495887 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Dec 17 10:42:43 puma39 kernel: type=1400 audit(1387269763.038:26): avc: denied { execute } for pid=18819 comm="ruby" name="iptables-multi-1.4.7" dev=dm-0 ino=21495887 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Dec 17 10:42:43 puma39 kernel: type=1400 audit(1387269763.040:27): avc: denied { read open } for pid=19100 comm="ruby" name="iptables-multi-1.4.7" dev=dm-0 ino=21495887 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Dec 17 10:42:43 puma39 kernel: type=1400 audit(1387269763.040:28): avc: denied { execute_no_trans } for pid=19100 comm="ruby" path="/sbin/iptables-multi-1.4.7" dev=dm-0 ino=21495887 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Dec 17 10:54:52 puma39 kernel: type=1400 audit(1387270492.145:29): avc: denied { execute } for pid=19452 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 10:54:52 puma39 kernel: type=1400 audit(1387270492.145:30): avc: denied { execute_no_trans } for pid=19452 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 11:01:03 puma39 kernel: type=1400 audit(1387270863.002:31): avc: denied { read } for pid=19952 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 11:01:03 puma39 kernel: type=1400 audit(1387270863.002:32): avc: denied { open } for pid=19952 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 11:01:08 puma39 kernel: type=1400 audit(1387270868.001:33): avc: denied { search } for pid=19954 comm="ps" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
Dec 17 11:10:28 puma39 kernel: type=1400 audit(1387271428.002:34): avc: denied { search } for pid=20198 comm="ps" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
Dec 17 11:11:22 puma39 kernel: type=1400 audit(1387271482.294:35): avc: denied { execute } for pid=20226 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 11:11:22 puma39 kernel: type=1400 audit(1387271482.295:36): avc: denied { execute_no_trans } for pid=20226 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 11:16:18 puma39 kernel: type=1400 audit(1387271778.002:37): avc: denied { read } for pid=20613 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 11:16:18 puma39 kernel: type=1400 audit(1387271778.002:38): avc: denied { open } for pid=20613 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 11:27:03 puma39 kernel: type=1400 audit(1387272423.002:39): avc: denied { execute } for pid=20883 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 11:27:03 puma39 kernel: type=1400 audit(1387272423.002:40): avc: denied { execute_no_trans } for pid=20883 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 11:30:33 puma39 kernel: type=1400 audit(1387272633.002:41): avc: denied { read } for pid=21256 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 11:30:33 puma39 kernel: type=1400 audit(1387272633.002:42): avc: denied { open } for pid=21256 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 11:31:53 puma39 kernel: type=1400 audit(1387272713.001:43): avc: denied { search } for pid=8173 comm="ps" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
Dec 17 11:31:53 puma39 kernel: type=1400 audit(1387272713.001:44): avc: denied { read } for pid=8173 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 11:31:53 puma39 kernel: type=1400 audit(1387272713.001:45): avc: denied { open } for pid=8173 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 11:41:23 puma39 kernel: type=1400 audit(1387273283.103:46): avc: denied { execute } for pid=8990 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 11:41:23 puma39 kernel: type=1400 audit(1387273283.103:47): avc: denied { execute_no_trans } for pid=8990 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 11:41:31 puma39 kernel: type=1400 audit(1387273291.252:48): avc: denied { getattr } for pid=20466 comm="ruby" path="/sbin/iptables-multi-1.4.7" dev=dm-0 ino=21495971 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Dec 17 11:41:31 puma39 kernel: type=1400 audit(1387273291.252:49): avc: denied { execute } for pid=20466 comm="ruby" name="iptables-multi-1.4.7" dev=dm-0 ino=21495971 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Dec 17 11:41:31 puma39 kernel: type=1400 audit(1387273291.254:50): avc: denied { read open } for pid=9109 comm="ruby" name="iptables-multi-1.4.7" dev=dm-0 ino=21495971 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Dec 17 11:41:31 puma39 kernel: type=1400 audit(1387273291.255:51): avc: denied { execute_no_trans } for pid=9109 comm="ruby" path="/sbin/iptables-multi-1.4.7" dev=dm-0 ino=21495971 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Dec 17 12:00:03 puma39 kernel: type=1400 audit(1387274403.002:52): avc: denied { search } for pid=9895 comm="ps" name="/" dev=sysfs ino=1 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
Dec 17 12:00:03 puma39 kernel: type=1400 audit(1387274403.002:53): avc: denied { read } for pid=9895 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 12:00:03 puma39 kernel: type=1400 audit(1387274403.002:54): avc: denied { open } for pid=9895 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Dec 17 12:57:02 puma39 kernel: type=1400 audit(1387277822.628:55): avc: denied { execute } for pid=11925 comm="ruby" name="node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
Dec 17 12:57:02 puma39 kernel: type=1400 audit(1387277822.628:56): avc: denied { execute_no_trans } for pid=11925 comm="ruby" path="/etc/puppet/node.rb" dev=dm-0 ino=2622475 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
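One way to triage a paste like the one above, as an added example that is not part of the original report or of the Foreman project: a Python parser that groups the denials by source type, target type and class, so the repeated records collapse into the few distinct accesses a policy reviewer has to decide on. The names `summarize` and `report` are illustrative; the sample records are copied from the report.

```python
import re
from collections import defaultdict

# Records copied from the report above (wrap-induced spaces removed), left run
# together as in the paste; the last two are fused with no separator at all.
SAMPLE = (
    'Dec 17 10:33:14 puma39 kernel: type=1400 audit(1387269194.886:9): avc: denied { name_connect } for pid=18244 comm="ruby" dest=9090 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:websm_port_t:s0 tclass=tcp_socket '
    'Dec 17 10:40:03 puma39 kernel: type=1400 audit(1387269603.002:12): avc: denied { read } for pid=18782 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file '
    'Dec 17 10:40:03 puma39 kernel: type=1400 audit(1387269603.002:13): avc: denied { open } for pid=18782 comm="ps" name="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file '
    'Dec 17 10:42:43 puma39 kernel: type=1400 audit(1387269763.038:26): avc: denied { execute } for pid=18819 comm="ruby" name="iptables-multi-1.4.7" dev=dm-0 ino=21495887 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file'
    'Dec 17 10:42:43 puma39 kernel: type=1400 audit(1387269763.040:27): avc: denied { read open } for pid=19100 comm="ruby" name="iptables-multi-1.4.7" dev=dm-0 ino=21495887 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file'
)

AVC_RE = re.compile(
    r'audit\(\d+\.\d+:\d+\): avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+'
    r'(?P<fields>(?:(?!avc:).)*?)'      # never run on into the next record
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+'
    r'tclass=(?P<tclass>[a-z0-9_]+)'    # lowercase only: stops at a fused "Dec"
)
COMM_RE = re.compile(r'comm="([^"]+)"')


def summarize(text):
    """Group AVC denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {'perms': set(), 'comms': set(), 'count': 0})
    for m in AVC_RE.finditer(text):
        # A context is user:role:type:level; the type is what policy rules name.
        src, tgt = (c.split(':')[2] for c in (m['scontext'], m['tcontext']))
        comm = COMM_RE.search(m['fields'])
        g = groups[(src, tgt, m['tclass'])]
        g['perms'].update(m['perms'].split())
        g['comms'].add(comm.group(1) if comm else '?')
        g['count'] += 1
    return dict(groups)


def report(groups):
    """One line per group, most frequent first, for review (not a policy)."""
    rows = sorted(groups.items(), key=lambda kv: (-kv[1]['count'], kv[0]))
    return [
        f"{n['count']:>3}  {src} -> {tgt}:{cls} {{ {' '.join(sorted(n['perms']))} }}"
        f"  via {','.join(sorted(n['comms']))}"
        for (src, tgt, cls), n in rows
    ]


if __name__ == '__main__':
    print('\n'.join(report(summarize(SAMPLE))))
```

Records whose contexts are still broken by wrap-induced spaces do not match and are skipped, so clean the paste first or compare the match count against the audit serial numbers.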
Updated by Dominic Cleal almost 11 years ago
- Related to Bug #3465: AVC denials with Foreman 1.3 on RHEL 6 added
Updated by Dominic Cleal over 10 years ago
- Status changed from New to Resolved
I believe these have been resolved by various updates to the policy between 1.3 and 1.5. The node.rb is now labelled separately and a lot of the /bin/ps noise has been fixed too.
Updated by Lukas Zapletal over 10 years ago
FYI we have fixed the "ps" thing recently, not sure about the rest.
Updated by Lukas Zapletal over 10 years ago
- Related to Bug #5924: Puppetmaster denial for node.rb added