Project

General

Profile

Actions
Copy link

Bug #22028

closed

Passenger denials during restart

Added by Lukas Zapletal over 6 years ago. Updated almost 6 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
General Foreman
Target version:
-
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman-selinux/pull/74
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

On our dogfooding server we see additional denials. I am unable to reproduce on my local system:

----
time->Sun Nov 26 03:40:50 2017
type=PROCTITLE msg=audit(1511685650.129:386233): proctitle=72756279002F7573722F73686172652F67656D732F67656D732F70617373656E6765722D342E302E31382F68656C7065722D736372697074732F707265737061776E0068747470733A2F2F7361742D723232302D30322E6C61622E656E672E726475322E7265646861742E636F6D3A38313430
type=SYSCALL msg=audit(1511685650.129:386233): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=1e7d7a0 a2=10 a3=7ffed9c1a9f0 items=0 ppid=32068 pid=32333 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ruby" exe="/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1511685650.129:386233): avc:  denied  { name_connect } for  pid=32333 comm="ruby" dest=8140 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_port_t:s0 tclass=tcp_socket
----
time->Thu Nov 30 05:55:36 2017
type=PROCTITLE msg=audit(1512039336.390:413515): proctitle=50617373656E676572205261636B4170703A202F7573722F73686172652F666F72656D616E
type=SYSCALL msg=audit(1512039336.390:413515): arch=c000003e syscall=42 success=no exit=-13 a0=14 a1=7f1e1817e8c0 a2=10 a3=2 items=0 ppid=1 pid=3342 auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="diagnostic_con*" exe="/opt/rh/rh-ruby23/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1512039336.390:413515): avc:  denied  { name_connect } for  pid=3342 comm="diagnostic_con*" dest=8000 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:soundd_port_t:s0 tclass=tcp_socket
----
time->Mon Dec  4 03:14:52 2017
type=PROCTITLE msg=audit(1512375292.182:439483): proctitle=72756279002F7573722F73686172652F67656D732F67656D732F70617373656E6765722D342E302E31382F68656C7065722D736372697074732F707265737061776E0068747470733A2F2F7361742D723232302D30322E6C61622E656E672E726475322E7265646861742E636F6D3A38313430
type=SYSCALL msg=audit(1512375292.182:439483): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=1af97a0 a2=10 a3=7ffe04b1db10 items=0 ppid=28691 pid=29005 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ruby" exe="/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1512375292.182:439483): avc:  denied  { name_connect } for  pid=29005 comm="ruby" dest=8140 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_port_t:s0 tclass=tcp_socket
----
time->Mon Dec  4 07:44:41 2017
type=PROCTITLE msg=audit(1512391481.870:440734): proctitle=50617373656E676572205261636B4170703A202F7573722F73686172652F666F72656D616E
type=SYSCALL msg=audit(1512391481.870:440734): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f4c60eb3730 a2=10 a3=2 items=0 ppid=1 pid=18392 auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="diagnostic_con*" exe="/opt/rh/rh-ruby23/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1512391481.870:440734): avc:  denied  { name_connect } for  pid=18392 comm="diagnostic_con*" dest=8000 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:soundd_port_t:s0 tclass=tcp_socket
----
time->Mon Dec  4 07:44:43 2017
type=PROCTITLE msg=audit(1512391483.267:440735): proctitle=50617373656E676572205261636B4170703A202F7573722F73686172652F666F72656D616E
type=SYSCALL msg=audit(1512391483.267:440735): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7f8c86b00c70 a2=10 a3=7f8cae82c2e0 items=0 ppid=1 pid=28511 auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="diagnostic_con*" exe="/opt/rh/rh-ruby23/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1512391483.267:440735): avc:  denied  { name_connect } for  pid=28511 comm="diagnostic_con*" dest=8000 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:soundd_port_t:s0 tclass=tcp_socket
----
time->Tue Dec  5 16:55:25 2017
type=PROCTITLE msg=audit(1512510925.191:450100): proctitle=50617373656E676572205261636B4170703A202F7573722F73686172652F666F72656D616E
type=SYSCALL msg=audit(1512510925.191:450100): arch=c000003e syscall=42 success=no exit=-13 a0=13 a1=7fde2a6f9a60 a2=10 a3=2 items=0 ppid=1 pid=22014 auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="diagnostic_con*" exe="/opt/rh/rh-ruby23/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1512510925.191:450100): avc:  denied  { name_connect } for  pid=22014 comm="diagnostic_con*" dest=8000 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:soundd_port_t:s0 tclass=tcp_socket
----
time->Wed Dec  6 07:45:27 2017
type=PROCTITLE msg=audit(1512564327.721:454296): proctitle=72756279002F7573722F73686172652F67656D732F67656D732F70617373656E6765722D342E302E31382F68656C7065722D736372697074732F707265737061776E0068747470733A2F2F7361742D723232302D30322E6C61622E656E672E726475322E7265646861742E636F6D3A38313430
type=SYSCALL msg=audit(1512564327.721:454296): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=1fbe740 a2=10 a3=7ffd57844100 items=0 ppid=19650 pid=20080 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ruby" exe="/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1512564327.721:454296): avc:  denied  { name_connect } for  pid=20080 comm="ruby" dest=8140 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_port_t:s0 tclass=tcp_socket
----
time->Thu Dec  7 13:46:16 2017
type=PROCTITLE msg=audit(1512672376.563:462816): proctitle=50617373656E676572205261636B4170703A202F7573722F73686172652F666F72656D616E
type=SYSCALL msg=audit(1512672376.563:462816): arch=c000003e syscall=42 success=no exit=-13 a0=14 a1=7fbbee180ab0 a2=10 a3=2 items=0 ppid=1 pid=16135 auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="diagnostic_con*" exe="/opt/rh/rh-ruby23/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1512672376.563:462816): avc:  denied  { name_connect } for  pid=16135 comm="diagnostic_con*" dest=8000 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:soundd_port_t:s0 tclass=tcp_socket
----
time->Fri Dec  8 05:31:06 2017
type=PROCTITLE msg=audit(1512729066.597:467211): proctitle=50617373656E676572205261636B4170703A202F7573722F73686172652F666F72656D616E
type=SYSCALL msg=audit(1512729066.597:467211): arch=c000003e syscall=42 success=no exit=-13 a0=17 a1=7f7e32942870 a2=10 a3=7f7e3bff12e0 items=0 ppid=21140 pid=21588 auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="diagnostic_con*" exe="/opt/rh/rh-ruby23/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1512729066.597:467211): avc:  denied  { name_connect } for  pid=21588 comm="diagnostic_con*" dest=8000 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:soundd_port_t:s0 tclass=tcp_socket
----
time->Fri Dec  8 07:36:40 2017
type=PROCTITLE msg=audit(1512736600.095:467791): proctitle=50617373656E676572205261636B4170703A202F7573722F73686172652F666F72656D616E
type=SYSCALL msg=audit(1512736600.095:467791): arch=c000003e syscall=42 success=no exit=-13 a0=13 a1=7ff68e54fe70 a2=10 a3=2 items=0 ppid=1 pid=28448 auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="diagnostic_con*" exe="/opt/rh/rh-ruby23/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1512736600.095:467791): avc:  denied  { name_connect } for  pid=28448 comm="diagnostic_con*" dest=8000 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:soundd_port_t:s0 tclass=tcp_socket
----
time->Sun Dec 10 03:19:47 2017
type=PROCTITLE msg=audit(1512893987.616:479893): proctitle=72756279002F7573722F73686172652F67656D732F67656D732F70617373656E6765722D342E302E31382F68656C7065722D736372697074732F707265737061776E0068747470733A2F2F7361742D723232302D30322E6C61622E656E672E726475322E7265646861742E636F6D3A38313430
type=SYSCALL msg=audit(1512893987.616:479893): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=1961810 a2=10 a3=7fff874c6620 items=0 ppid=15811 pid=16030 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ruby" exe="/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1512893987.616:479893): avc:  denied  { name_connect } for  pid=16030 comm="ruby" dest=8140 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_port_t:s0 tclass=tcp_socket
----
time->Tue Dec 12 16:57:15 2017
type=PROCTITLE msg=audit(1513115835.984:497134): proctitle=50617373656E676572205261636B4170703A202F7573722F73686172652F666F72656D616E
type=SYSCALL msg=audit(1513115835.984:497134): arch=c000003e syscall=42 success=no exit=-13 a0=17 a1=7f7a8189c120 a2=10 a3=7f7a8bff0ef0 items=0 ppid=6203 pid=6296 auid=4294967295 uid=990 gid=987 euid=990 suid=990 fsuid=990 egid=987 sgid=987 fsgid=987 tty=(none) ses=4294967295 comm="diagnostic_con*" exe="/opt/rh/rh-ruby23/root/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513115835.984:497134): avc:  denied  { name_connect } for  pid=6296 comm="diagnostic_con*" dest=8000 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:soundd_port_t:s0 tclass=tcp_socket
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.835:503553): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.835:503553): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.835:503553): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/dev/hugepages" dev="hugetlbfs" ino=12435 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:hugetlbfs_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.835:503554): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.835:503554): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.835:503554): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/cgroup/systemd" dev="cgroup" ino=6173 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.835:503555): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.835:503555): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.835:503555): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/cgroup/devices" dev="cgroup" ino=6199 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.835:503556): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.835:503556): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.835:503556): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/cgroup/perf_event" dev="cgroup" ino=6211 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.835:503557): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.835:503557): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.835:503557): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/cgroup/blkio" dev="cgroup" ino=6220 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.835:503558): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.835:503558): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.835:503558): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/cgroup/freezer" dev="cgroup" ino=6256 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.836:503559): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.836:503559): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.836:503559): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/cgroup/cpu,cpuacct" dev="cgroup" ino=6265 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.836:503560): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.836:503560): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.836:503560): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/cgroup/net_cls,net_prio" dev="cgroup" ino=6285 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.836:503561): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.836:503561): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.836:503561): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/cgroup/pids" dev="cgroup" ino=6299 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.836:503562): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.836:503562): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.836:503562): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/cgroup/memory" dev="cgroup" ino=6309 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.836:503563): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.836:503563): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.836:503563): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/cgroup/hugetlb" dev="cgroup" ino=6344 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.836:503564): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.836:503564): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.836:503564): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/cgroup/cpuset" dev="cgroup" ino=6361 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.836:503565): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.836:503565): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.836:503565): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/pstore" dev="pstore" ino=6181 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:pstore_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.836:503566): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.836:503566): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.836:503566): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/kernel/config" dev="configfs" ino=11380 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:configfs_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.836:503567): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.836:503567): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.836:503567): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.837:503568): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.837:503568): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.837:503568): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/dev/sda1" dev="devtmpfs" ino=12386 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.837:503569): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.837:503569): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.837:503569): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/mnt" dev="0:43" ino=101580801 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.837:503570): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.837:503570): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.837:503570): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/dev/dm-0" dev="devtmpfs" ino=12388 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.837:503571): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.837:503571): arch=c000003e syscall=4 success=no exit=-13 a0=7ffeb299fe80 a1=7ffeb29a0e90 a2=7ffeb29a0e90 a3=7ffeb299fb50 items=0 ppid=9893 pid=9895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.837:503571): avc:  denied  { getattr } for  pid=9895 comm="lsof" path="/dev/dm-0" dev="devtmpfs" ino=12388 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.841:503572): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.841:503572): arch=c000003e syscall=4 success=no exit=-13 a0=132fbf0 a1=7ffeb29a5a90 a2=7ffeb29a5a90 a3=5 items=0 ppid=9852 pid=9893 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.841:503572): avc:  denied  { search } for  pid=9893 comm="lsof" name="httpd" dev="dm-0" ino=67398341 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.841:503573): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.841:503573): arch=c000003e syscall=4 success=no exit=-13 a0=132fc90 a1=7ffeb29a5a90 a2=7ffeb29a5a90 a3=5 items=0 ppid=9852 pid=9893 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.841:503573): avc:  denied  { search } for  pid=9893 comm="lsof" name="httpd" dev="dm-0" ino=67398341 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:07 2017
type=PROCTITLE msg=audit(1513195687.841:503574): proctitle=6C736F66002D70003135383131002D6E50
type=SYSCALL msg=audit(1513195687.841:503574): arch=c000003e syscall=4 success=no exit=-13 a0=132fe10 a1=7ffeb29a5a90 a2=7ffeb29a5a90 a3=5 items=0 ppid=9852 pid=9893 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lsof" exe="/usr/sbin/lsof" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195687.841:503574): avc:  denied  { search } for  pid=9893 comm="lsof" name="httpd" dev="dm-0" ino=67398341 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir
----
time->Wed Dec 13 15:08:31 2017
type=PROCTITLE msg=audit(1513195711.995:503576): proctitle=72756279002F7573722F73686172652F67656D732F67656D732F70617373656E6765722D342E302E31382F68656C7065722D736372697074732F707265737061776E0068747470733A2F2F7361742D723232302D30322E6C61622E656E672E726475322E7265646861742E636F6D3A38313430
type=SYSCALL msg=audit(1513195711.995:503576): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=163bdf0 a2=10 a3=7ffdee6a16e0 items=0 ppid=9898 pid=10225 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ruby" exe="/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513195711.995:503576): avc:  denied  { name_connect } for  pid=10225 comm="ruby" dest=8140 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_port_t:s0 tclass=tcp_socket
----
time->Mon Dec 18 03:20:40 2017
type=PROCTITLE msg=audit(1513585240.031:533850): proctitle=72756279002F7573722F73686172652F67656D732F67656D732F70617373656E6765722D342E302E31382F68656C7065722D736372697074732F707265737061776E0068747470733A2F2F7361742D723232302D30322E6C61622E656E672E726475322E7265646861742E636F6D3A38313430
type=SYSCALL msg=audit(1513585240.031:533850): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=28aa920 a2=10 a3=7fffa3c43e40 items=0 ppid=9705 pid=10072 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ruby" exe="/usr/bin/ruby" subj=system_u:system_r:passenger_t:s0 key=(null)
type=AVC msg=audit(1513585240.031:533850): avc:  denied  { name_connect } for  pid=10072 comm="ruby" dest=8140 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_port_t:s0 tclass=tcp_socket

audit2allow -Ra

require {
        type passenger_t;
}

#============= passenger_t ==============
apache_search_config(passenger_t)
corenet_tcp_connect_puppet_port(passenger_t)
corenet_tcp_connect_soundd_port(passenger_t)
fs_list_hugetlbfs(passenger_t)
fs_list_pstore(passenger_t)
fs_read_configfs_dirs(passenger_t)
fs_search_cgroup_dirs(passenger_t)
fs_search_fusefs(passenger_t)
fs_search_nfs(passenger_t)
storage_getattr_fixed_disk_dev(passenger_t)

Related issues 1 (0 open1 closed)

Related to SELinux - Bug #13357: Passenger wants to exec lsof after crashClosed01/25/2016Actions
Actions
Copy link
 #1

Updated by The Foreman Bot over 6 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Lukas Zapletal
  • Pull request https://github.com/theforeman/foreman-selinux/pull/74 added
Actions
Copy link
 #2

Updated by Adam Ruzicka almost 6 years ago

Sounds similar to https://projects.theforeman.org/issues/13357 if passenger considers having its threads killed as a crash.

Actions
Copy link
 #3

Updated by Lukas Zapletal almost 6 years ago

  • Status changed from Ready For Testing to Duplicate

You are right, that's duplicate of #13357.

Actions
Copy link
 #4

Updated by Lukas Zapletal almost 6 years ago

  • Related to Bug #13357: Passenger wants to exec lsof after crash added
Actions
Copy link

Also available in: Atom PDF