2015-09-21 19:24:59 |
YaZug |
bug |
|
|
added bug |
2015-09-21 19:24:59 |
YaZug |
attachment added |
|
counts of how many times each file was referenced https://bugs.launchpad.net/bugs/1498151/+attachment/4470662/+files/neutron-server-avc-file-counts.txt |
|
2015-09-21 19:28:31 |
YaZug |
description |
Using Delorean installed via packstack --allinone, I noticed that if we restart neutron-server it generates a number of AVCs for getattr on 87 files
type=AVC msg=audit(1442855709.922:10594): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/hostname" dev="dm-0" ino=67231056 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10595): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/fusermount" dev="dm-0" ino=70253714 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:fusermount_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10596): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-api" dev="dm-0" ino=69439463 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_api_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10597): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-registry" dev="dm-0" ino=69439474 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_registry_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.923:10598): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-scrubber" dev="dm-0" ino=69439476 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_scrubber_exec_t:
There were a total of some 87 files in this list |
Using Delorean installed via packstack --allinone, I noticed that if we restart neutron-server it generates a number of AVCs for getattr on 87 files
neutron==7.0.0.0b4.dev223
type=AVC msg=audit(1442855709.922:10594): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/hostname" dev="dm-0" ino=67231056 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10595): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/fusermount" dev="dm-0" ino=70253714 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:fusermount_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10596): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-api" dev="dm-0" ino=69439463 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_api_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10597): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-registry" dev="dm-0" ino=69439474 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_registry_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.923:10598): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-scrubber" dev="dm-0" ino=69439476 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_scrubber_exec_t: |
|
2015-09-21 19:28:46 |
Assaf Muller |
neutron: status |
New |
Confirmed |
|
2015-09-21 19:29:02 |
Assaf Muller |
neutron: assignee |
|
Terry Wilson (otherwiseguy) |
|
2015-09-21 19:32:57 |
YaZug |
description |
Using Delorean installed via packstack --allinone, I noticed that if we restart neutron-server it generates a number of AVCs for getattr on 87 files
neutron==7.0.0.0b4.dev223
type=AVC msg=audit(1442855709.922:10594): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/hostname" dev="dm-0" ino=67231056 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10595): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/fusermount" dev="dm-0" ino=70253714 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:fusermount_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10596): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-api" dev="dm-0" ino=69439463 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_api_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10597): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-registry" dev="dm-0" ino=69439474 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_registry_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.923:10598): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-scrubber" dev="dm-0" ino=69439476 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_scrubber_exec_t: |
Using Delorean installed via packstack --allinone, I noticed that if we restart neutron-server it generates a number of AVCs for getattr on 87 files
neutron==7.0.0.0b4.dev223
Sample of a few entries from /var/log/audit.log from CentOS 7
type=AVC msg=audit(1442855709.922:10594): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/hostname" dev="dm-0" ino=67231056 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10595): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/fusermount" dev="dm-0" ino=70253714 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:fusermount_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10596): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-api" dev="dm-0" ino=69439463 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_api_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.922:10597): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-registry" dev="dm-0" ino=69439474 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_registry_exec_t:s0 tclass=file
type=AVC msg=audit(1442855709.923:10598): avc: denied { getattr } for pid=16273 comm="neutron-server" path="/usr/bin/glance-scrubber" dev="dm-0" ino=69439476 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_scrubber_exec_t: |
|
2016-08-17 23:26:03 |
Armando Migliaccio |
neutron: status |
Confirmed |
Incomplete |
|
2016-08-17 23:26:03 |
Armando Migliaccio |
neutron: assignee |
Terry Wilson (otherwiseguy) |
|
|
2016-10-17 04:19:30 |
Launchpad Janitor |
neutron: status |
Incomplete |
Expired |
|