Created
March 7, 2019 09:56
-
-
Save nmagnezi/bf9620593462cd64a25c5ff7f1a34ccb to your computer and use it in GitHub Desktop.
Without container-selinux
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rm -f *~ *.if *.tc *.pp *.pp.bz2 local_settings.sh | |
rm -rf tmp *.tar.gz | |
make -f /usr/share/selinux/devel/Makefile os-ovs.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-ovs module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-ovs.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-ovs.mod | |
Creating targeted os-ovs.pp policy package | |
rm tmp/os-ovs.mod tmp/os-ovs.mod.fc | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-ovs.pp -> os-ovs.pp.bz2 | |
bzip2 -9 os-ovs.pp | |
make -f /usr/share/selinux/devel/Makefile os-swift.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-swift module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-swift.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-swift.mod | |
Creating targeted os-swift.pp policy package | |
rm tmp/os-swift.mod tmp/os-swift.mod.fc | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-swift.pp -> os-swift.pp.bz2 | |
bzip2 -9 os-swift.pp | |
make -f /usr/share/selinux/devel/Makefile os-nova.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-nova module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-nova.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-nova.mod | |
Creating targeted os-nova.pp policy package | |
rm tmp/os-nova.mod tmp/os-nova.mod.fc | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-nova.pp -> os-nova.pp.bz2 | |
bzip2 -9 os-nova.pp | |
make -f /usr/share/selinux/devel/Makefile os-neutron.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-neutron module | |
os-neutron.te:72: Warning: seutil_exec_restorecon(neutron_t) has been deprecated, please use seutil_exec_setfiles() instead. | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-neutron.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-neutron.mod | |
Creating targeted os-neutron.pp policy package | |
rm tmp/os-neutron.mod tmp/os-neutron.mod.fc | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-neutron.pp -> os-neutron.pp.bz2 | |
bzip2 -9 os-neutron.pp | |
make -f /usr/share/selinux/devel/Makefile os-mysql.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-mysql module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-mysql.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-mysql.mod | |
Creating targeted os-mysql.pp policy package | |
rm tmp/os-mysql.mod.fc tmp/os-mysql.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-mysql.pp -> os-mysql.pp.bz2 | |
bzip2 -9 os-mysql.pp | |
make -f /usr/share/selinux/devel/Makefile os-glance.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-glance module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-glance.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-glance.mod | |
Creating targeted os-glance.pp policy package | |
rm tmp/os-glance.mod tmp/os-glance.mod.fc | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-glance.pp -> os-glance.pp.bz2 | |
bzip2 -9 os-glance.pp | |
make -f /usr/share/selinux/devel/Makefile os-rsync.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-rsync module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-rsync.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-rsync.mod | |
Creating targeted os-rsync.pp policy package | |
rm tmp/os-rsync.mod tmp/os-rsync.mod.fc | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-rsync.pp -> os-rsync.pp.bz2 | |
bzip2 -9 os-rsync.pp | |
make -f /usr/share/selinux/devel/Makefile os-rabbitmq.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-rabbitmq module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-rabbitmq.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-rabbitmq.mod | |
Creating targeted os-rabbitmq.pp policy package | |
rm tmp/os-rabbitmq.mod.fc tmp/os-rabbitmq.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-rabbitmq.pp -> os-rabbitmq.pp.bz2 | |
bzip2 -9 os-rabbitmq.pp | |
make -f /usr/share/selinux/devel/Makefile os-keepalived.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-keepalived module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-keepalived.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-keepalived.mod | |
Creating targeted os-keepalived.pp policy package | |
rm tmp/os-keepalived.mod tmp/os-keepalived.mod.fc | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-keepalived.pp -> os-keepalived.pp.bz2 | |
bzip2 -9 os-keepalived.pp | |
make -f /usr/share/selinux/devel/Makefile os-keystone.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-keystone module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-keystone.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-keystone.mod | |
Creating targeted os-keystone.pp policy package | |
rm tmp/os-keystone.mod.fc tmp/os-keystone.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-keystone.pp -> os-keystone.pp.bz2 | |
bzip2 -9 os-keystone.pp | |
make -f /usr/share/selinux/devel/Makefile os-haproxy.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-haproxy module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-haproxy.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-haproxy.mod | |
Creating targeted os-haproxy.pp policy package | |
rm tmp/os-haproxy.mod.fc tmp/os-haproxy.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-haproxy.pp -> os-haproxy.pp.bz2 | |
bzip2 -9 os-haproxy.pp | |
make -f /usr/share/selinux/devel/Makefile os-mongodb.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-mongodb module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-mongodb.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-mongodb.mod | |
Creating targeted os-mongodb.pp policy package | |
rm tmp/os-mongodb.mod.fc tmp/os-mongodb.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-mongodb.pp -> os-mongodb.pp.bz2 | |
bzip2 -9 os-mongodb.pp | |
make -f /usr/share/selinux/devel/Makefile os-ipxe.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-ipxe module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-ipxe.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-ipxe.mod | |
Creating targeted os-ipxe.pp policy package | |
rm tmp/os-ipxe.mod tmp/os-ipxe.mod.fc | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-ipxe.pp -> os-ipxe.pp.bz2 | |
bzip2 -9 os-ipxe.pp | |
make -f /usr/share/selinux/devel/Makefile os-redis.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-redis module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-redis.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-redis.mod | |
Creating targeted os-redis.pp policy package | |
rm tmp/os-redis.mod.fc tmp/os-redis.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-redis.pp -> os-redis.pp.bz2 | |
bzip2 -9 os-redis.pp | |
make -f /usr/share/selinux/devel/Makefile os-cinder.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-cinder module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-cinder.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-cinder.mod | |
Creating targeted os-cinder.pp policy package | |
rm tmp/os-cinder.mod tmp/os-cinder.mod.fc | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-cinder.pp -> os-cinder.pp.bz2 | |
bzip2 -9 os-cinder.pp | |
make -f /usr/share/selinux/devel/Makefile os-httpd.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-httpd module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-httpd.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-httpd.mod | |
Creating targeted os-httpd.pp policy package | |
rm tmp/os-httpd.mod.fc tmp/os-httpd.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-httpd.pp -> os-httpd.pp.bz2 | |
bzip2 -9 os-httpd.pp | |
make -f /usr/share/selinux/devel/Makefile os-gnocchi.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-gnocchi module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-gnocchi.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-gnocchi.mod | |
Creating targeted os-gnocchi.pp policy package | |
rm tmp/os-gnocchi.mod tmp/os-gnocchi.mod.fc | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-gnocchi.pp -> os-gnocchi.pp.bz2 | |
bzip2 -9 os-gnocchi.pp | |
make -f /usr/share/selinux/devel/Makefile os-collectd.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-collectd module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-collectd.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-collectd.mod | |
Creating targeted os-collectd.pp policy package | |
rm tmp/os-collectd.mod.fc tmp/os-collectd.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-collectd.pp -> os-collectd.pp.bz2 | |
bzip2 -9 os-collectd.pp | |
make -f /usr/share/selinux/devel/Makefile os-virt.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-virt module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-virt.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-virt.mod | |
Creating targeted os-virt.pp policy package | |
rm tmp/os-virt.mod.fc tmp/os-virt.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-virt.pp -> os-virt.pp.bz2 | |
bzip2 -9 os-virt.pp | |
make -f /usr/share/selinux/devel/Makefile os-dnsmasq.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-dnsmasq module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-dnsmasq.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-dnsmasq.mod | |
Creating targeted os-dnsmasq.pp policy package | |
rm tmp/os-dnsmasq.mod.fc tmp/os-dnsmasq.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-dnsmasq.pp -> os-dnsmasq.pp.bz2 | |
bzip2 -9 os-dnsmasq.pp | |
make -f /usr/share/selinux/devel/Makefile os-octavia.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-octavia module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-octavia.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-octavia.mod | |
Creating targeted os-octavia.pp policy package | |
rm tmp/os-octavia.mod.fc tmp/os-octavia.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-octavia.pp -> os-octavia.pp.bz2 | |
bzip2 -9 os-octavia.pp | |
make -f /usr/share/selinux/devel/Makefile os-podman.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-podman module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-podman.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-podman.mod | |
Creating targeted os-podman.pp policy package | |
rm tmp/os-podman.mod.fc tmp/os-podman.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-podman.pp -> os-podman.pp.bz2 | |
bzip2 -9 os-podman.pp | |
make -f /usr/share/selinux/devel/Makefile os-rsyslog.pp | |
make[1]: Entering directory '/root/openstack-selinux' | |
Compiling targeted os-rsyslog module | |
/usr/bin/checkmodule: loading policy configuration from tmp/os-rsyslog.tmp | |
/usr/bin/checkmodule: policy configuration loaded | |
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/os-rsyslog.mod | |
Creating targeted os-rsyslog.pp policy package | |
rm tmp/os-rsyslog.mod.fc tmp/os-rsyslog.mod | |
make[1]: Leaving directory '/root/openstack-selinux' | |
Compressing os-rsyslog.pp -> os-rsyslog.pp.bz2 | |
bzip2 -9 os-rsyslog.pp | |
sed -e 's/@MODULES@/os-ovs os-swift os-nova os-neutron os-mysql os-glance os-rsync os-rabbitmq os-keepalived os-keystone os-haproxy os-mongodb os-ipxe os-redis os-cinder os-httpd os-gnocchi os-collectd os-virt os-dnsmasq os-octavia os-podman os-rsyslog/' local_settings.sh.in > local_settings.sh | |
chmod 0755 local_settings.sh | |
# Install the setup script | |
install -d /usr/share/openstack-selinux/master | |
install -m 0755 local_settings.sh /usr/share/openstack-selinux/master | |
# Install tests | |
install -d /usr/share/openstack-selinux/master/tests | |
install -m 0644 tests/bz* /usr/share/openstack-selinux/master/tests | |
install -m 0755 tests/check_all /usr/share/openstack-selinux/master/tests | |
# Install interfaces | |
install -d /usr/share/selinux/devel/include/services | |
install -m 0644 os-ovs.if os-swift.if os-nova.if os-neutron.if os-mysql.if os-glance.if os-rsync.if os-rabbitmq.if os-keepalived.if os-keystone.if os-haproxy.if os-mongodb.if os-ipxe.if os-redis.if os-cinder.if os-httpd.if os-gnocchi.if os-collectd.if os-virt.if os-dnsmasq.if os-octavia.if os-podman.if os-rsyslog.if /usr/share/selinux/devel/include/services | |
# Install policy modules | |
install -d /usr/share/selinux/packages | |
install -m 0644 os-ovs.pp.bz2 os-swift.pp.bz2 os-nova.pp.bz2 os-neutron.pp.bz2 os-mysql.pp.bz2 os-glance.pp.bz2 os-rsync.pp.bz2 os-rabbitmq.pp.bz2 os-keepalived.pp.bz2 os-keystone.pp.bz2 os-haproxy.pp.bz2 os-mongodb.pp.bz2 os-ipxe.pp.bz2 os-redis.pp.bz2 os-cinder.pp.bz2 os-httpd.pp.bz2 os-gnocchi.pp.bz2 os-collectd.pp.bz2 os-virt.pp.bz2 os-dnsmasq.pp.bz2 os-octavia.pp.bz2 os-podman.pp.bz2 os-rsyslog.pp.bz2 /usr/share/selinux/packages | |
cd /usr/share/openstack-selinux/master && ./local_settings.sh ;\ | |
cd /usr/share/openstack-selinux/master/tests && ./check_all ;\ | |
RET=$? ;\ | |
cd /usr/share/openstack-selinux/master && ./local_settings.sh -x ;\ | |
if [[ "$RET" -ne 0 ]]; then \ | |
/bin/false ;\ | |
else \ | |
/bin/true ;\ | |
fi | |
Setting up ports... | |
Installing OpenStack extra policies and setting booleans... | |
Failed to resolve typeattributeset statement at /var/lib/selinux/targeted/tmp/modules/400/os-nova/cil:23 | |
OSError: [Errno 0] Error | |
Setting OpenStack booleans... | |
ValueError: Boolean os_nova_use_execmem is not defined | |
Relabeling files... | |
Reloading SELinux policies... | |
libsepol.context_from_record: type spc_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:spc_t:s0 to sid | |
libsepol.context_from_record: type container_share_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:object_r:container_share_t:s0 to sid | |
libsepol.context_from_record: type container_runtime_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:container_runtime_t:s0 to sid | |
libsepol.context_from_record: type container_share_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:object_r:container_share_t:s0 to sid | |
libsepol.context_from_record: type container_share_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:object_r:container_share_t:s0 to sid | |
libsepol.context_from_record: type container_share_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:object_r:container_share_t:s0 to sid | |
libsepol.context_from_record: type container_share_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:object_r:container_share_t:s0 to sid | |
libsepol.context_from_record: type spc_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:spc_t:s0 to sid | |
libsepol.context_from_record: type container_share_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:object_r:container_share_t:s0 to sid | |
libsepol.context_from_record: type container_runtime_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:container_runtime_t:s0 to sid | |
libsepol.context_from_record: type spc_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:spc_t:s0 to sid | |
libsepol.context_from_record: type spc_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:spc_t:s0 to sid | |
libsepol.context_from_record: type spc_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:spc_t:s0 to sid | |
libsepol.context_from_record: type spc_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:spc_t:s0 to sid | |
libsepol.context_from_record: type spc_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:spc_t:s0 to sid | |
libsepol.context_from_record: type container_runtime_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:container_runtime_t:s0 to sid | |
libsepol.context_from_record: type container_share_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:object_r:container_share_t:s0 to sid | |
libsepol.context_from_record: type spc_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:spc_t:s0 to sid | |
libsepol.context_from_record: type container_share_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:object_r:container_share_t:s0 to sid | |
libsepol.context_from_record: type spc_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:spc_t:s0 to sid | |
libsepol.context_from_record: type container_share_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:object_r:container_share_t:s0 to sid | |
libsepol.context_from_record: type container_share_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:object_r:container_share_t:s0 to sid | |
libsepol.context_from_record: type container_share_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:object_r:container_share_t:s0 to sid | |
libsepol.context_from_record: type spc_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:spc_t:s0 to sid | |
libsepol.context_from_record: type spc_t is not defined | |
libsepol.context_from_record: could not create context structure | |
libsepol.context_from_string: could not create context structure | |
libsepol.sepol_context_to_sid: could not convert system_u:system_r:spc_t:s0 to sid | |
bz1095869:2:type=AVC msg=audit(1402611890.888:10080): avc: denied { read } for pid=11138 comm="sysctl" name="ip_forward" dev="proc" ino=175996 scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file | |
bz1095869:3:type=AVC msg=audit(1402611890.888:10079): avc: denied { getattr } for pid=11138 comm="sysctl" path="/proc/sys/net/ipv4/ip_forward" dev="proc" ino=175996 scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file | |
bz1095869:4:type=AVC msg=audit(1402611890.888:10080): avc: denied { open } for pid=11138 comm="sysctl" path="/proc/sys/net/ipv4/ip_forward" dev="proc" ino=175996 scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file | |
bz1095869:5:type=AVC msg=audit(1402611890.979:10088): avc: denied { getattr } for pid=29513 comm="nova-network" path="/dev/vhost-net" dev="devtmpfs" ino=12363 scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:object_r:vhost_device_t:s0 tclass=chr_file | |
bz1095869:7:type=AVC msg=audit(1402611892.747:10105): avc: denied { net_raw } for pid=11159 comm="dnsmasq" capability=13 scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:system_r:nova_network_t:s0 tclass=capability | |
bz1095869:8:type=AVC msg=audit(1402611936.578:10217): avc: denied { kill } for pid=11286 comm="kill" capability=5 scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:system_r:nova_network_t:s0 tclass=capability | |
bz1095869:9:type=AVC msg=audit(1402611936.576:10216): avc: denied { sys_ptrace } for pid=11285 comm="nova-rootwrap" capability=19 scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:system_r:nova_network_t:s0 tclass=capability | |
bz1095869:10:type=AVC msg=audit(1402611890.888:10079): avc: denied { search } for pid=11138 comm="sysctl" name="net" dev="proc" ino=1305 scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir | |
bz1108187:1:type=AVC msg=audit(1402493890.821:585): avc: denied { write } for pid=31594 comm="ovs-vsctl" path="/tmp/puppet20140611-31236-1adclaf" dev="dm-1" ino=101120987 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:init_tmp_t:s0 tclass=file | |
bz1108937:1:type=AVC msg=audit(1403718102.298:671): avc: denied { name_bind } for pid=13262 comm="haproxy" src=5672 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket | |
bz1108937:2:type=AVC msg=audit(1403718102.299:672): avc: denied { name_connect } for pid=13263 comm="haproxy" dest=5672 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket | |
bz1110263:3:type=AVC msg=audit(1404139758.268:1579): avc: denied { name_connect } for pid=4151 comm="neutron-metadat" dest=8775 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket | |
bz1111990:2:type=AVC msg=audit(1403608527.748:201987): avc: denied { search } for pid=15823 comm="glance-api" name="/" dev="fuse" ino=1 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir | |
bz1111990:3:type=AVC msg=audit(1403608560.600:202198): avc: denied { name_connect } for pid=1786 comm="haproxy" dest=80 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket | |
bz1111990:4:type=AVC msg=audit(1403610750.803:203470): avc: denied { getattr } for pid=15822 comm="glance-api" path="/var/lib/glance/images" dev="fuse" ino=11615908447317481990 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir | |
bz1111990:5:type=AVC msg=audit(1403610750.805:203471): avc: denied { write } for pid=15822 comm="glance-api" name="images" dev="fuse" ino=11615908447317481990 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir | |
bz1111990:6:type=AVC msg=audit(1403610750.806:203473): avc: denied { read } for pid=15822 comm="glance-api" name="2833208e-ec22-4cca-944b-e4b7195ff10b" dev="fuse" ino=12487031008510300865 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=file | |
bz1111990:7:type=AVC msg=audit(1403610750.806:203473): avc: denied { open } for pid=15822 comm="glance-api" path="/var/lib/glance/images/2833208e-ec22-4cca-944b-e4b7195ff10b" dev="fuse" ino=12487031008510300865 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=file | |
bz1111990:8:type=AVC msg=audit(1403611599.573:203828): avc: denied { search } for pid=15806 comm="glance-registry" name="/" dev="fuse" ino=1 scontext=system_u:system_r:glance_registry_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir | |
bz1114254:4:type=AVC msg=audit(1404250077.752:12084): avc: denied { read } for pid=2202 comm="haproxy" name="conf" dev="sda5" ino=20316186 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1114254:5:type=AVC msg=audit(1404250077.752:12084): avc: denied { open } for pid=2202 comm="haproxy" path="/var/lib/neutron/lbaas/98193a60-84d7-478e-90ee-cf34e48986bb/conf" dev="sda5" ino=20316186 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1114254:6:type=AVC msg=audit(1404250077.752:12085): avc: denied { getattr } for pid=2202 comm="haproxy" path="/var/lib/neutron/lbaas/98193a60-84d7-478e-90ee-cf34e48986bb/conf" dev="sda5" ino=20316186 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1114254:7:type=AVC msg=audit(1404250077.753:12086): avc: denied { write } for pid=2202 comm="haproxy" name="98193a60-84d7-478e-90ee-cf34e48986bb" dev="sda5" ino=20316185 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=dir | |
bz1114254:8:type=AVC msg=audit(1404250077.753:12086): avc: denied { add_name } for pid=2202 comm="haproxy" name="sock.2202.tmp" scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=dir | |
bz1114254:9:type=AVC msg=audit(1404250077.753:12086): avc: denied { create } for pid=2202 comm="haproxy" name="sock.2202.tmp" scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=sock_file | |
bz1114254:10:type=AVC msg=audit(1404250077.753:12087): avc: denied { setattr } for pid=2202 comm="haproxy" name="sock.2202.tmp" dev="sda5" ino=20316187 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=sock_file | |
bz1114254:11:type=AVC msg=audit(1404250077.753:12088): avc: denied { remove_name } for pid=2202 comm="haproxy" name="sock.2202.tmp" dev="sda5" ino=20316187 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=dir | |
bz1114254:12:type=AVC msg=audit(1404250077.753:12088): avc: denied { rename } for pid=2202 comm="haproxy" name="sock.2202.tmp" dev="sda5" ino=20316187 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=sock_file | |
bz1114254:13:type=AVC msg=audit(1404250472.428:12260): avc: denied { link } for pid=2905 comm="haproxy" name="sock" dev="sda5" ino=20316187 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=sock_file | |
bz1114254:14:type=AVC msg=audit(1404250472.428:12263): avc: denied { unlink } for pid=2905 comm="haproxy" name="sock" dev="sda5" ino=20316187 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=sock_file | |
bz1114581:2:type=AVC msg=audit(1404050797.155:306): avc: denied { name_bind } for pid=76930 comm="haproxy" src=3306 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket | |
bz1114581:3:type=AVC msg=audit(1404050797.155:307): avc: denied { name_bind } for pid=76930 comm="haproxy" src=5672 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:amqp_port_t:s0 tclass=tcp_socket | |
bz1118859:1:type=AVC msg=audit(1405371699.582:201): avc: denied { getattr } for pid=14592 comm="lsof" path="/usr/bin/mysqld_safe" dev="dm-0" ino=17369661 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:mysqld_safe_exec_t:s0 tclass=file | |
bz1119151:1:type=AVC msg=audit(1405289981.574:22191): avc: denied { name_connect } for pid=20464 comm="glance-api" dest=6800 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket | |
bz1119400:1:type=AVC msg=audit(1405130267.572:5587): avc: denied { execstack } for pid=8320 comm="glance-api" scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:system_r:glance_api_t:s0 tclass=process | |
bz1119400:2:type=AVC msg=audit(1405130267.572:5587): avc: denied { execmem } for pid=8320 comm="glance-api" scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:system_r:glance_api_t:s0 tclass=process | |
bz1119845:1:type=AVC msg=audit(1405141351.574:1913): avc: denied { execstack } for pid=22718 comm="qemu-kvm" scontext=system_u:system_r:svirt_t:s0:c62,c1018 tcontext=system_u:system_r:svirt_t:s0:c62,c1018 tclass=process | |
bz1119845:2:type=AVC msg=audit(1405141351.574:1913): avc: denied { execmem } for pid=22718 comm="qemu-kvm" scontext=system_u:system_r:svirt_t:s0:c62,c1018 tcontext=system_u:system_r:svirt_t:s0:c62,c1018 tclass=process | |
bz1127910:1:type=AVC msg=audit(1409615248.750:4447): avc: denied { name_connect } for pid=8695 comm="httpd" dest=7002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket | |
bz1127910:2:type=AVC msg=audit(1409330405.309:350): avc: denied { name_connect } for pid=4076 comm="httpd" dest=5050 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mmcc_port_t:s0 tclass=tcp_socket | |
bz1127910:3:type=AVC msg=audit(1409330362.290:337): avc: denied { name_connect } for pid=2873 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket | |
bz1130212:1:type=AVC msg=audit(1407878178.972:27128): avc: denied { execstack } for pid=32444 comm="glance-api" scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:system_r:glance_api_t:s0 tclass=process | |
bz1130212:2:type=AVC msg=audit(1407948306.356:36165): avc: denied { execmem } for pid=7085 comm="glance-api" scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:system_r:glance_api_t:s0 tclass=process | |
bz1135510:1:type=AVC msg=audit(1410441955.552:18034): avc: denied { name_connect } for pid=8709 comm="neutron-metadat" dest=8775 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket | |
bz1135510:2:type=AVC msg=audit(1410436183.087:973): avc: denied { getattr } for pid=9288 comm="ipsec" path="/usr/sbin/ipsec" dev="dm-0" ino=36196395 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_mgmt_exec_t:s0 tclass=file | |
bz1135510:4:type=AVC msg=audit(1410436273.618:1855): avc: denied { execute } for pid=11176 comm="ip" name="ipsec" dev="dm-0" ino=36196395 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_mgmt_exec_t:s0 tclass=file | |
bz1135510:5:type=AVC msg=audit(1410436183.085:971): avc: denied { read open } for pid=9288 comm="ip" path="/usr/sbin/ipsec" dev="dm-0" ino=36196395 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_mgmt_exec_t:s0 tclass=file | |
bz1135510:6:type=AVC msg=audit(1410441954.965:18032): avc: denied { name_connect } for pid=8709 comm="neutron-metadat" dest=5000 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket | |
bz1135510:7:type=AVC msg=audit(1410436183.080:970): avc: denied { execute } for pid=9285 comm="neutron-rootwra" name="ipsec" dev="dm-0" ino=36196395 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_mgmt_exec_t:s0 tclass=file | |
bz1135510:9:type=AVC msg=audit(1410436178.295:806): avc: denied { name_connect } for pid=9079 comm="glance-api" dest=6800 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket | |
bz1135510:11:type=AVC msg=audit(1410436183.085:971): avc: denied { execute_no_trans } for pid=9288 comm="ip" path="/usr/sbin/ipsec" dev="dm-0" ino=36196395 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_mgmt_exec_t:s0 tclass=file | |
bz1135510:13:type=AVC msg=audit(1410436016.349:475): avc: denied { name_bind } for pid=7780 comm="httpd" src=8777 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket | |
bz1135510:15:type=AVC msg=audit(1410436183.087:972): avc: denied { ioctl } for pid=9288 comm="ipsec" path="/usr/sbin/ipsec" dev="dm-0" ino=36196395 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_mgmt_exec_t:s0 tclass=file | |
bz1135637:1:type=AVC msg=audit(1409339636.061:670): avc: denied { write } for pid=7104 comm="rsync" path="/tmp/puppet20140829-3353-1v6cjus" dev="vda3" ino=202811960 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:init_tmp_t:s0 tclass=file | |
bz1135637:2:type=AVC msg=audit(1409340064.256:752): avc: denied { relabelto } for pid=13973 comm="rsync" name=".01.pem.lUDibG" dev="vda3" ino=68936252 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file | |
bz1135637:3:type=AVC msg=audit(1409340064.256:754): avc: denied { remove_name } for pid=13973 comm="rsync" name=".01.pem.lUDibG" dev="vda3" ino=68936252 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir | |
bz1135637:4:type=AVC msg=audit(1409339868.552:721): avc: denied { setattr } for pid=7604 comm="rsync" name="galera" dev="vda3" ino=202811960 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir | |
bz1135637:5:type=AVC msg=audit(1409339868.551:720): avc: denied { create } for pid=7604 comm="rsync" name="galera" scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir | |
bz1135637:6:type=AVC msg=audit(1409340064.256:754): avc: denied { unlink } for pid=13973 comm="rsync" name="01.pem" dev="vda3" ino=68936250 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file | |
bz1135637:7:type=AVC msg=audit(1409340064.256:750): avc: denied { write } for pid=13973 comm="rsync" path="/etc/keystone/ssl/certs/.01.pem.lUDibG" dev="vda3" ino=68936252 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file | |
bz1135637:8:type=AVC msg=audit(1409340064.256:750): avc: denied { create } for pid=13973 comm="rsync" name=".01.pem.lUDibG" scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file | |
bz1135637:9:type=AVC msg=audit(1409340064.251:749): avc: denied { setattr } for pid=13969 comm="rsync" name="ssl" dev="vda3" ino=1005118 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir | |
bz1135637:11:type=AVC msg=audit(1409339868.553:722): avc: denied { relabelfrom } for pid=7609 comm="rsync" name="galera" dev="vda3" ino=202811960 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir | |
bz1135637:12:type=AVC msg=audit(1409339868.551:720): avc: denied { add_name } for pid=7604 comm="rsync" name="galera" scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir | |
bz1135637:13:type=AVC msg=audit(1409339510.578:661): avc: denied { write } for pid=6369 comm="epmd" path="/tmp/puppet20140829-3353-yvhqdp" dev="vda3" ino=202811940 scontext=system_u:system_r:rabbitmq_epmd_t:s0 tcontext=system_u:object_r:init_tmp_t:s0 tclass=file | |
bz1135637:14:type=AVC msg=audit(1409340064.256:750): avc: denied { write } for pid=13973 comm="rsync" name="certs" dev="vda3" ino=68936238 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir | |
bz1135637:15:type=AVC msg=audit(1409339868.553:726): avc: denied { remove_name } for pid=7609 comm="rsync" name=".galera.crt.FLi7uk" dev="vda3" ino=202811961 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir | |
bz1135637:16:type=AVC msg=audit(1409339868.553:723): avc: denied { write } for pid=7609 comm="rsync" path="/etc/pki/galera/.galera.crt.FLi7uk" dev="vda3" ino=202811961 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file | |
bz1135637:17:type=AVC msg=audit(1409340064.256:754): avc: denied { rename } for pid=13973 comm="rsync" name=".01.pem.lUDibG" dev="vda3" ino=68936252 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file | |
bz1135637:18:type=AVC msg=audit(1409339868.553:726): avc: denied { rename } for pid=7609 comm="rsync" name=".galera.crt.FLi7uk" dev="vda3" ino=202811961 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file | |
bz1135637:19:type=AVC msg=audit(1409339868.553:722): avc: denied { relabelto } for pid=7609 comm="rsync" name="galera" dev="vda3" ino=202811960 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir | |
bz1135637:20:type=AVC msg=audit(1409340064.256:753): avc: denied { setattr } for pid=13973 comm="rsync" name=".01.pem.lUDibG" dev="vda3" ino=68936252 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file | |
bz1135637:21:type=AVC msg=audit(1409340064.256:752): avc: denied { relabelfrom } for pid=13973 comm="rsync" name=".01.pem.lUDibG" dev="vda3" ino=68936252 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file | |
bz1135637:22:type=AVC msg=audit(1409339636.180:671): avc: denied { write } for pid=7104 comm="rsync" name="pki" dev="vda3" ino=67110160 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir | |
bz1135637:23:type=AVC msg=audit(1409340064.256:750): avc: denied { add_name } for pid=13973 comm="rsync" name=".01.pem.lUDibG" scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir | |
bz1144199:1:type=AVC msg=audit(1411134377.778:4436): avc: denied { name_bind } for pid=7139 comm="neutron-ns-meta" src=80 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket | |
bz1145802:1:type=AVC msg=audit(1411046175.546:2138): avc: denied { getattr } for pid=4848 comm="glance-api" path="/var/lib/glance/images" dev="0:36" ino=111738944 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir | |
bz1168526:1:type=AVC msg=audit(1417089038.047:151800): avc: denied { execute } for pid=9179 comm="neutron-rootwra" name="radvd" dev="sda5" ino=22025167 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:radvd_exec_t:s0 tclass=file | |
bz1168526:2:type=AVC msg=audit(1419926040.12:174465): avc: denied { read open } for pid=16738 comm="ip" path="/usr/sbin/radvd" dev="sda5" ino=26219408 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:radvd_exec_t:s0 tclass=file | |
bz1168526:3:type=AVC msg=audit(1419926040.12:174465): avc: denied { execute_no_trans } for pid=16738 comm="ip" path="/usr/sbin/radvd" dev="sda5" ino=26219408 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:radvd_exec_t:s0 tclass=file | |
bz1169859:1:type=AVC msg=audit(1417622542.995:32990): avc: denied { getattr } for pid=27519 comm="keepalived" scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=netlink_socket | |
bz1169859:2:type=AVC msg=audit(1417622542.995:32989): avc: denied { bind } for pid=27519 comm="keepalived" scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=netlink_socket | |
bz1169859:3:type=AVC msg=audit(1417622542.995:32987): avc: denied { create } for pid=27519 comm="keepalived" scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=netlink_socket | |
bz1169859:4:type=AVC msg=audit(1417622542.997:32991): avc: denied { execute } for pid=27521 comm="sh" name="notify_backup.sh" dev="vda3" ino=65030 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1169859:5:type=AVC msg=audit(1417622542.958:32984): avc: denied { read open } for pid=27517 comm="ip" path="/usr/sbin/keepalived" dev="vda3" ino=138190 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:keepalived_exec_t:s0 tclass=file | |
bz1169859:6:type=AVC msg=audit(1417622542.944:32983): avc: denied { execute } for pid=27516 comm="neutron-rootwra" name="keepalived" dev="vda3" ino=138190 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:keepalived_exec_t:s0 tclass=file | |
bz1169859:7:type=AVC msg=audit(1417622542.997:32991): avc: denied { execute_no_trans } for pid=27521 comm="sh" path="/var/lib/neutron/ha_confs/90ecb37a-7050-4ca6-b4c8-29bf5950c42e/notify_backup.sh" dev="vda3" ino=65030 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1170367:1:type=AVC msg=audit(1417638763.636:183): avc: denied { read } for pid=19681 comm="mysqld_safe" name="cores" dev="dm-0" ino=51125914 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:cluster_var_lib_t:s0 tclass=dir | |
bz1170839:1:type=AVC msg=audit(1417690758.589:915): avc: denied { read open } for pid=8511 comm="nova-rootwrap" path="/usr/sbin/arping" dev="vda1" ino=17240309 scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:object_r:netutils_exec_t:s0 tclass=file | |
bz1170839:2:type=AVC msg=audit(1417690758.590:916): avc: denied { create } for pid=8511 comm="arping" scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:system_r:nova_network_t:s0 tclass=packet_socket | |
bz1170839:3:type=AVC msg=audit(1417690758.591:917): avc: denied { bind } for pid=8511 comm="arping" scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:system_r:nova_network_t:s0 tclass=packet_socket | |
bz1170839:4:type=AVC msg=audit(1417690758.589:915): avc: denied { execute_no_trans } for pid=8511 comm="nova-rootwrap" path="/usr/sbin/arping" dev="vda1" ino=17240309 scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:object_r:netutils_exec_t:s0 tclass=file | |
bz1170839:5:type=AVC msg=audit(1417690758.591:918): avc: denied { getattr } for pid=8511 comm="arping" scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:system_r:nova_network_t:s0 tclass=packet_socket | |
bz1170839:7:type=AVC msg=audit(1417690758.588:914): avc: denied { execute } for pid=8510 comm="nova-rootwrap" name="arping" dev="vda1" ino=17240309 scontext=system_u:system_r:nova_network_t:s0 tcontext=system_u:object_r:netutils_exec_t:s0 tclass=file | |
bz1174977:1:type=AVC msg=audit(1418765466.759:72017): avc: denied { name_connect } for pid=31996 comm="httpd" dest=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket | |
bz1176842:1:type=AVC msg=audit(1419838568.567:1365): avc: denied { read } for pid=6573 comm="keystone-all" name="keystone-dist.conf" dev="sda5" ino=10753052 scontext=system_u:system_r:keystone_t:s0 tcontext=system_u:object_r:keystone_cgi_script_exec_t:s0 tclass=file | |
bz1176842:2:type=AVC msg=audit(1419838568.566:1364): avc: denied { getattr } for pid=6573 comm="keystone-all" path="/usr/share/keystone/keystone-dist.conf" dev="sda5" ino=10753052 scontext=system_u:system_r:keystone_t:s0 tcontext=system_u:object_r:keystone_cgi_script_exec_t:s0 tclass=file | |
bz1176842:3:type=AVC msg=audit(1419838568.567:1365): avc: denied { open } for pid=6573 comm="keystone-all" path="/usr/share/keystone/keystone-dist.conf" dev="sda5" ino=10753052 scontext=system_u:system_r:keystone_t:s0 tcontext=system_u:object_r:keystone_cgi_script_exec_t:s0 tclass=file | |
bz1180230:1:type=AVC msg=audit(1420693901.582:15510): avc: denied { name_bind } for pid=1147 comm="httpd" src=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket | |
bz1180230:2:type=AVC msg=audit(1420694028.935:15621): avc: denied { open } for pid=1363 comm="httpd" path="/var/log/keystone/keystone.log" dev="vda1" ino=25700381 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:keystone_log_t:s0 tclass=file | |
bz1180679:1:type=AVC msg=audit(1420828502.323:1254): avc: denied { open } for pid=9180 comm="keepalived" path="/run/neutron/ha_confs/70486958-f838-4f4d-adcc-ea20a93dc3b4/keepalived.conf" dev="tmpfs" ino=83903 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1180679:2:type=AVC msg=audit(1420828263.958:217): avc: denied { getattr } for pid=4421 comm="keepalived_vip_" path="/usr/sbin/ip" dev="sda1" ino=4547471 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:ifconfig_exec_t:s0 tclass=file | |
bz1180679:3:type=AVC msg=audit(1420828499.282:995): avc: denied { search } for pid=9178 comm="keepalived" name="neutron" dev="tmpfs" ino=20357 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=dir | |
bz1180679:4:type=AVC msg=audit(1420828263.921:215): avc: denied { getattr } for pid=4424 comm="os-apply-config" path="/var/lib/cloud/data/cfn-init-data" dev="sda1" ino=4194783 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:cloud_var_lib_t:s0 tclass=file | |
bz1180679:5:type=AVC msg=audit(1420828499.283:996): avc: denied { write open } for pid=9179 comm="keepalived" path="/run/neutron/ha_confs/70486958-f838-4f4d-adcc-ea20a93dc3b4.pid" dev="tmpfs" ino=81216 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1180679:6:type=AVC msg=audit(1420828263.921:216): avc: denied { read } for pid=4424 comm="os-apply-config" name="cfn-init-data" dev="sda1" ino=4194783 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:cloud_var_lib_t:s0 tclass=file | |
bz1180679:7:type=AVC msg=audit(1420828263.920:214): avc: denied { open } for pid=4424 comm="os-apply-config" path="/var/lib/heat-cfntools/cfn-init-data" dev="sda1" ino=12627872 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1180679:8:type=AVC msg=audit(1420828263.919:210): avc: denied { open } for pid=4424 comm="os-apply-config" path="/var/log/os-apply-config.log" dev="sda1" ino=8732425 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file | |
bz1180679:9:type=AVC msg=audit(1420828499.283:996): avc: denied { add_name } for pid=9179 comm="keepalived" name="70486958-f838-4f4d-adcc-ea20a93dc3b4.pid" scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=dir | |
bz1180679:10:type=AVC msg=audit(1420828499.283:996): avc: denied { create } for pid=9179 comm="keepalived" name="70486958-f838-4f4d-adcc-ea20a93dc3b4.pid" scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1180679:11:type=AVC msg=audit(1420828263.958:220): avc: denied { execute_no_trans } for pid=4433 comm="keepalived_vip_" path="/usr/sbin/ip" dev="sda1" ino=4547471 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:ifconfig_exec_t:s0 tclass=file | |
bz1180679:12:type=AVC msg=audit(1420828263.958:219): avc: denied { read } for pid=4421 comm="keepalived_vip_" name="ip" dev="sda1" ino=4547471 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:ifconfig_exec_t:s0 tclass=file | |
bz1180679:13:type=AVC msg=audit(1420828499.290:1001): avc: denied { execute_no_trans } for pid=9182 comm="sh" path="/run/neutron/ha_confs/70486958-f838-4f4d-adcc-ea20a93dc3b4/notify_backup.sh" dev="tmpfs" ino=81133 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1180679:14:type=AVC msg=audit(1420828263.920:212): avc: denied { open } for pid=4424 comm="os-apply-config" path="/var/lib/os-collect-config/os_config_files.json" dev="sda1" ino=12627907 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file | |
bz1180679:15:type=AVC msg=audit(1420828263.921:216): avc: denied { open } for pid=4424 comm="os-apply-config" path="/var/lib/cloud/data/cfn-init-data" dev="sda1" ino=4194783 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:cloud_var_lib_t:s0 tclass=file | |
bz1180679:16:type=AVC msg=audit(1420828263.958:220): avc: denied { open } for pid=4433 comm="keepalived_vip_" path="/usr/sbin/ip" dev="sda1" ino=4547471 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:ifconfig_exec_t:s0 tclass=file | |
bz1180679:17:type=AVC msg=audit(1420828263.958:218): avc: denied { execute } for pid=4421 comm="keepalived_vip_" name="ip" dev="sda1" ino=4547471 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:ifconfig_exec_t:s0 tclass=file | |
bz1180679:18:type=AVC msg=audit(1420828263.920:214): avc: denied { read } for pid=4424 comm="os-apply-config" name="cfn-init-data" dev="sda1" ino=12627872 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1180679:19:type=AVC msg=audit(1420828263.920:212): avc: denied { read } for pid=4424 comm="os-apply-config" name="os_config_files.json" dev="sda1" ino=12627907 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file | |
bz1180679:20:type=AVC msg=audit(1420828502.329:1257): avc: denied { write } for pid=9450 comm="bash" name="state" dev="tmpfs" ino=81272 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1180679:21:type=AVC msg=audit(1420828499.283:997): avc: denied { getattr } for pid=9179 comm="keepalived" path="/run/neutron/ha_confs/70486958-f838-4f4d-adcc-ea20a93dc3b4.pid" dev="tmpfs" ino=81216 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1180679:22:type=AVC msg=audit(1420828263.920:213): avc: denied { getattr } for pid=4424 comm="os-apply-config" path="/var/lib/heat-cfntools/cfn-init-data" dev="sda1" ino=12627872 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1180679:23:type=AVC msg=audit(1420828499.292:1002): avc: denied { ioctl } for pid=9182 comm="bash" path="/run/neutron/ha_confs/70486958-f838-4f4d-adcc-ea20a93dc3b4/notify_backup.sh" dev="tmpfs" ino=81133 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1180679:24:type=AVC msg=audit(1420828499.283:996): avc: denied { write } for pid=9179 comm="keepalived" name="ha_confs" dev="tmpfs" ino=75523 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=dir | |
bz1180679:25:type=AVC msg=audit(1420828502.311:1250): avc: denied { signal } for pid=9448 comm="kill" scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:keepalived_t:s0 tclass=process | |
bz1180679:26:type=AVC msg=audit(1420828499.290:1001): avc: denied { execute } for pid=9182 comm="sh" name="notify_backup.sh" dev="tmpfs" ino=81133 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1180679:27:type=AVC msg=audit(1420828499.286:998): avc: denied { read } for pid=9180 comm="keepalived" name="keepalived.conf" dev="tmpfs" ino=79863 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1180679:28:type=AVC msg=audit(1420828263.920:211): avc: denied { getattr } for pid=4424 comm="os-apply-config" path="/var/lib/os-collect-config/os_config_files.json" dev="sda1" ino=12627907 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:init_var_lib_t:s0 tclass=file | |
bz1180881:1:type=AVC msg=audit(1421230145.638:4595): avc: denied { dac_override } for pid=6425 comm="keepalived" capability=1 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:system_r:keepalived_t:s0 tclass=capability | |
bz1180881:3:type=AVC msg=audit(1421165045.206:19477): avc: denied { sigkill } for pid=10254 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_t:s0 tclass=process | |
bz1195215:1:type=AVC msg=audit(1424683801.648:4935): avc: denied { getattr } for pid=6376 comm="haproxy" name="/" dev="sysfs" ino=1 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=filesystem | |
bz1206148:1:type=AVC msg=audit(1427892592.798:1881233): avc: denied { getattr } for pid=13134 comm="keepalived" name="/" dev="sysfs" ino=1 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=filesystem | |
bz1206148:2:type=AVC msg=audit(1427892692.372:1881569): avc: denied { unlink } for pid=12578 comm="keepalived" name="476fee88-54c1-42eb-8f6e-0a7fdddbc628.pid" dev="vda1" ino=192943239 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:neutron_var_lib_t:s0 tclass=file | |
bz1210271:1:type=AVC msg=audit(1428486597.985:9617409): avc: denied { read } for pid=23724 comm="glance-registry" name="glance" dev="dm-0" ino=134789393 scontext=system_u:system_r:glance_registry_t:s0 tcontext=system_u:object_r:glance_var_lib_t:s0 tclass=lnk_file | |
bz1210271:2:type=AVC msg=audit(1428759418.718:823087): avc: denied { read } for pid=73969 comm="qemu-kvm" name="nova" dev="dm-0" ino=135140337 scontext=system_u:system_r:svirt_t:s0:c96,c916 tcontext=unconfined_u:object_r:nova_var_lib_t:s0 tclass=lnk_file | |
bz1210271:3:type=AVC msg=audit(1430316923.059:242855): avc: denied { read } for pid=20626 comm="glance-api" name="glance" dev="dm-1" ino=135471215 scontext=system_u:system_r:glance_api_t:s0 tcontext=unconfined_u:object_r:glance_var_lib_t:s0 tclass=lnk_file | |
bz1210271:4:type=AVC msg=audit(1430311522.971:227905): avc: denied { read } for pid=20572 comm="glance-registry" name="glance" dev="dm-1" ino=135723583 scontext=system_u:system_r:glance_registry_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=lnk_file | |
bz1210271:5:type=AVC msg=audit(1430311522.890:227904): avc: denied { read } for pid=20627 comm="glance-api" name="glance" dev="dm-1" ino=135723583 scontext=system_u:system_r:glance_api_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=lnk_file | |
bz1211628:1:type=AVC msg=audit(1416249751.708:868196): avc: denied { write } for pid=17881 comm="qemu-kvm" name="console.log" dev="0:36" ino=203187846 scontext=system_u:system_r:svirt_tcg_t:s0:c155,c326 tcontext=system_u:object_r:nova_var_lib_t:s0 tclass=file | |
bz1219406:1:type=AVC msg=audit(1432132985.901:7760): avc: denied { write open } for pid=28929 comm="glance-api" path="/var/lib/glance/images/deb1afcd-a3d0-4356-8431-5eb7d8548783" dev="0:35" ino=42167210 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file | |
bz1219406:2:type=AVC msg=audit(1432805984.771:1287): avc: denied { remove_name } for pid=7213 comm="glance-api" name="39ff0be6-94d6-4323-8412-aa282e12da9c" dev="0:35" ino=42167210 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir | |
bz1219406:3:type=AVC msg=audit(1432805984.771:1287): avc: denied { write } for pid=7213 comm="glance-api" name="images" dev="0:35" ino=42167206 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir | |
bz1219406:4:type=AVC msg=audit(1432132570.541:6707): avc: denied { create } for pid=19280 comm="glance-api" name="images" scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir | |
bz1219406:5:type=AVC msg=audit(1432805984.770:1286): avc: denied { getattr } for pid=7213 comm="glance-api" path="/var/lib/glance/images/39ff0be6-94d6-4323-8412-aa282e12da9c" dev="0:35" ino=42167210 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file | |
bz1219406:6:type=AVC msg=audit(1432805984.771:1287): avc: denied { unlink } for pid=7213 comm="glance-api" name="39ff0be6-94d6-4323-8412-aa282e12da9c" dev="0:35" ino=42167210 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file | |
bz1219406:7:type=AVC msg=audit(1430905710.941:205752): avc: denied { search } for pid=5894 comm="glance-api" name="/" dev="0:37" ino=395 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir | |
bz1219406:8:type=AVC msg=audit(1432132422.280:6330): avc: denied { add_name } for pid=15888 comm="glance-api" name="images" scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir | |
bz1223006:1:type=AVC msg=audit(1432714833.802:3193): avc: denied { write } for pid=27251 comm="httpd" name="keystone" dev="dm-1" ino=35731993 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:keystone_log_t:s0 tclass=dir | |
bz1223006:2:type=AVC msg=audit(1432714833.802:3193): avc: denied { add_name } for pid=27251 comm="httpd" name="keystone.log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:keystone_log_t:s0 tclass=dir | |
bz1223006:3:type=AVC msg=audit(1432714833.802:3193): avc: denied { create } for pid=27251 comm="httpd" name="keystone.log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:keystone_log_t:s0 tclass=file | |
bz1230900:1:type=AVC msg=audit(1434131323.679:7807): avc: denied { create } for pid=26750 comm="neutron-rootwra" name="rootwrap.sock" scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:neutron_tmp_t:s0 tclass=sock_file | |
bz1230900:2:type=AVC msg=audit(1434131323.679:7808): avc: denied { setattr } for pid=26750 comm="neutron-rootwra" name="rootwrap.sock" dev="dm-1" ino=71908034 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:neutron_tmp_t:s0 tclass=sock_file | |
bz1230900:3:type=AVC msg=audit(1434131323.679:7809): avc: denied { write } for pid=26673 comm="neutron-openvsw" name="rootwrap.sock" dev="dm-1" ino=71908034 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:neutron_tmp_t:s0 tclass=sock_file | |
bz1230900:4:type=AVC msg=audit(1434131631.311:10861): avc: denied { write } for pid=26881 comm="neutron-l3-agen" name="rootwrap.sock" dev="dm-1" ino=68196389 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:neutron_tmp_t:s0 tclass=sock_file | |
bz1232892:1:type=AVC msg=audit(1418940256.937:191): avc: denied { read } for pid=3481 comm="fakeAVC" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tftpdir_t:s0 tclass=file permissive=1 | |
bz1232892:2:type=AVC msg=audit(1418940256.937:192): avc: denied { getattr } for pid=3481 comm="fakeAVC" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tftpdir_t:s0 tclass=file permissive=1 | |
bz1232892:3:type=AVC msg=audit(1418940256.937:192): avc: denied { open } for pid=3481 comm="fakeAVC" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tftpdir_t:s0 tclass=file permissive=1 | |
bz1243039:1:type=AVC msg=audit(1436967882.028:56042): avc: denied { read } for pid=28305 comm="sh" name="systemctl" dev="dm-1" ino=134482906 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file | |
bz1243039:2:type=AVC msg=audit(1436967882.028:56043): avc: denied { open } for pid=28305 comm="sh" path="/usr/bin/systemctl" dev="dm-1" ino=134482906 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file | |
bz1243039:3:type=AVC msg=audit(1436967882.028:56041): avc: denied { execute } for pid=28305 comm="sh" name="systemctl" dev="dm-1" ino=134482906 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file | |
bz1243039:4:type=AVC msg=audit(1436967882.027:56040): avc: denied { getattr } for pid=28305 comm="sh" path="/usr/bin/systemctl" dev="dm-1" ino=134482906 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file | |
bz1245846:1:type=AVC msg=audit(07/20/2015 14:23:28.857:957) : avc: denied { read } for pid=8935 comm=addconn name=ipsec.conf dev="sda5" ino=4064066 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=file | |
bz1245846:2:type=AVC msg=audit(07/20/2015 14:29:06.309:1060) : avc: denied { read } for pid=9770 comm=addconn name=ipsec.conf dev="sda5" ino=4064066 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=file | |
bz1245846:3:type=AVC msg=audit(07/20/2015 14:33:49.323:1161) : avc: denied { read } for pid=10405 comm=addconn name=ipsec.conf dev="sda5" ino=4064066 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=file | |
bz1245846:4:type=AVC msg=audit(07/20/2015 14:39:38.152:1276) : avc: denied { read } for pid=11201 comm=addconn name=ipsec.conf dev="sda5" ino=4064066 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=file | |
bz1245846:5:type=AVC msg=audit(07/20/2015 14:41:48.746:1337) : avc: denied { read } for pid=11543 comm=addconn name=ipsec.conf dev="sda5" ino=4064066 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=file | |
bz1245846:6:type=AVC msg=audit(07/21/2015 19:42:10.339:32387) : avc: denied { read } for pid=11771 comm=addconn name=ipsec.conf dev="sda5" ino=4064066 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=file | |
bz1245846:7:type=AVC msg=audit(07/21/2015 19:43:56.403:32430) : avc: denied { read } for pid=12017 comm=addconn name=ipsec.conf dev="sda5" ino=4064066 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=file | |
bz1245846:8:type=AVC msg=audit(07/21/2015 19:45:22.446:32474) : avc: denied { open } for pid=12270 comm=addconn path=/etc/ipsec.conf dev="sda5" ino=4064066 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=file | |
bz1245846:9:type=AVC msg=audit(07/21/2015 19:45:22.446:32474) : avc: denied { read } for pid=12270 comm=addconn name=ipsec.conf dev="sda5" ino=4064066 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=file | |
bz1245846:10:type=AVC msg=audit(07/21/2015 19:45:22.446:32475) : avc: denied { ioctl } for pid=12270 comm=addconn path=/etc/ipsec.conf dev="sda5" ino=4064066 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=file | |
bz1245846:11:type=AVC msg=audit(07/21/2015 19:45:22.446:32476) : avc: denied { getattr } for pid=12270 comm=addconn path=/etc/ipsec.conf dev="sda5" ino=4064066 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_conf_file_t:s0 tclass=file | |
bz1245846:12:type=AVC msg=audit(07/21/2015 19:45:22.446:32477) : avc: denied { open } for pid=12270 comm=addconn path=/etc/ipsec.d dev="sda5" ino=4197937 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=dir | |
bz1245846:13:type=AVC msg=audit(07/21/2015 19:45:22.446:32477) : avc: denied { read } for pid=12270 comm=addconn name=ipsec.d dev="sda5" ino=4197937 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=dir | |
bz1245846:14:type=AVC msg=audit(07/21/2015 19:45:22.447:32478) : avc: denied { open } for pid=12270 comm=addconn path=/etc/ipsec.d/v6neighbor-hole.conf dev="sda5" ino=4197946 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=file | |
bz1245846:15:type=AVC msg=audit(07/21/2015 19:45:22.447:32478) : avc: denied { read } for pid=12270 comm=addconn name=v6neighbor-hole.conf dev="sda5" ino=4197946 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=file | |
bz1245846:16:type=AVC msg=audit(07/21/2015 19:45:22.447:32479) : avc: denied { ioctl } for pid=12270 comm=addconn path=/etc/ipsec.d/v6neighbor-hole.conf dev="sda5" ino=4197946 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=file | |
bz1245846:17:type=AVC msg=audit(07/21/2015 19:45:22.447:32480) : avc: denied { getattr } for pid=12270 comm=addconn path=/etc/ipsec.d/v6neighbor-hole.conf dev="sda5" ino=4197946 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_key_file_t:s0 tclass=file | |
bz1245846:18:type=AVC msg=audit(07/21/2015 19:45:22.534:32481) : avc: denied { getattr } for pid=12287 comm=ls path=/usr/lib/modules/3.10.0-229.7.2.el7.x86_64/kernel/arch/x86/crypto/ablk_helper.ko dev="sda5" ino=3803379 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=file | |
bz1245846:19:type=AVC msg=audit(07/21/2015 19:45:23.159:32482) : avc: denied { execute } for pid=12515 comm=ipsec name=setfiles dev="sda5" ino=2886252 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file | |
bz1245846:20:type=AVC msg=audit(07/21/2015 19:45:23.159:32483) : avc: denied { getattr } for pid=12515 comm=ipsec path=/usr/sbin/setfiles dev="sda5" ino=2886252 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file | |
bz1245846:21:type=AVC msg=audit(07/21/2015 19:45:23.159:32484) : avc: denied { read } for pid=12515 comm=ipsec name=setfiles dev="sda5" ino=2886252 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file | |
bz1245846:22:type=AVC msg=audit(07/21/2015 19:45:23.160:32485) : avc: denied { execute_no_trans } for pid=12521 comm=ipsec path=/usr/sbin/setfiles dev="sda5" ino=2886252 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file | |
bz1245846:23:type=AVC msg=audit(07/21/2015 19:45:23.160:32485) : avc: denied { open } for pid=12521 comm=ipsec path=/usr/sbin/setfiles dev="sda5" ino=2886252 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file | |
bz1245846:24:type=AVC msg=audit(07/21/2015 19:45:23.219:32486) : avc: denied { execute } for pid=12523 comm=ipsec name=pluto dev="sda5" ino=4723870 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_exec_t:s0 tclass=file | |
bz1245846:25:type=AVC msg=audit(07/21/2015 19:45:23.220:32487) : avc: denied { execute_no_trans } for pid=12523 comm=ipsec path=/usr/libexec/ipsec/pluto dev="sda5" ino=4723870 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_exec_t:s0 tclass=file | |
bz1245846:26:type=AVC msg=audit(07/21/2015 19:45:23.220:32487) : avc: denied { read open } for pid=12523 comm=ipsec path=/usr/libexec/ipsec/pluto dev="sda5" ino=4723870 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_exec_t:s0 tclass=file | |
bz1245846:27:type=AVC msg=audit(07/21/2015 19:45:23.299:32488) : avc: denied { setpcap } for pid=12524 comm=pluto capability=setpcap scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=capability | |
bz1245846:28:type=AVC msg=audit(07/21/2015 19:45:23.449:32489) : avc: denied { getattr } for pid=12527 comm=fipscheck path=/usr/libexec/ipsec/pluto dev="sda5" ino=4723870 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ipsec_exec_t:s0 tclass=file | |
bz1245846:29:type=AVC msg=audit(07/21/2015 19:45:23.599:32490) : avc: denied { create } for pid=12524 comm=pluto scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=netlink_xfrm_socket | |
bz1245846:30:type=AVC msg=audit(07/21/2015 19:45:23.599:32491) : avc: denied { bind } for pid=12524 comm=pluto scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=netlink_xfrm_socket | |
bz1245846:31:type=AVC msg=audit(07/21/2015 19:45:23.599:32492) : avc: denied { create } for pid=12524 comm=pluto scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=key_socket | |
bz1245846:34:type=AVC msg=audit(07/21/2015 19:45:24.721:32500) : avc: denied { nlmsg_write } for pid=12524 comm=pluto scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=netlink_xfrm_socket | |
bz1249685:1:type=AVC msg=audit(1438557558.744:717): avc: denied { execmem } for pid=6120 comm="nova-api" scontext=system_u:system_r:nova_api_t:s0 tcontext=system_u:system_r:nova_api_t:s0 tclass=process | |
bz1249685:2:type=AVC msg=audit(1442850911.498:7799): avc: denied { execmem } for pid=14619 comm="nova-consoleaut" scontext=system_u:system_r:nova_console_t:s0 tcontext=system_u:system_r:nova_console_t:s0 tclass=process | |
bz1249685:3:type=AVC msg=audit(1442850913.426:7801): avc: denied { execmem } for pid=14658 comm="nova-scheduler" scontext=system_u:system_r:nova_scheduler_t:s0 tcontext=system_u:system_r:nova_scheduler_t:s0 tclass=process | |
bz1249685:4:type=AVC msg=audit(1442850920.205:7861): avc: denied { execmem } for pid=14843 comm="nova-cert" scontext=system_u:system_r:nova_cert_t:s0 tcontext=system_u:system_r:nova_cert_t:s0 tclass=process | |
bz1249685:5:type=AVC msg=audit(1442850976.792:8446): avc: denied { execmem } for pid=15791 comm="neutron-openvsw" scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=process | |
bz1249685:6:type=AVC msg=audit(1442851152.972:10390): avc: denied { execmem } for pid=19455 comm="swift-account-r" scontext=system_u:system_r:swift_t:s0 tcontext=system_u:system_r:swift_t:s0 tclass=process | |
bz1249685:7:type=AVC msg=audit(1443559246.289:2232): avc: denied { execmem } for pid=13729 comm="keystone-all" scontext=system_u:system_r:keystone_t:s0 tcontext=system_u:system_r:keystone_t:s0 tclass=process | |
bz1259419:1:type=AVC msg=audit(1441204057.176:32748): avc: denied { name_connect } for pid=23947 comm="ovsdb-server" dest=6632 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket | |
bz1259419:2:type=AVC msg=audit(1441204364.388:32861): avc: denied { getattr } for pid=23982 comm="system_stats4" path="/srv/node/swiftloopback" dev="loop0" ino=2 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:swift_data_t:s0 tclass=dir | |
bz1259419:3:type=AVC msg=audit(1441204354.383:32858): avc: denied { search } for pid=23982 comm="system_stats4" name="node" dev="sda1" ino=42410035 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:swift_data_t:s0 tclass=dir | |
bz1278430:1:type=AVC msg=audit(1446728340.533:70764): avc: denied { getattr } for pid=14829 comm="sh" path="/usr/bin/systemctl" dev="sda1" ino=662168 scontext=system_u:system_r:keepalived_t:s0 tcontext=unconfined_u:object_r:systemd_systemctl_exec_t:s0 tclass=file | |
bz1280083:1:type=AVC msg=audit(1447193408.754:426): avc: denied { search } for pid=26870 comm="neutron-server" name="httpd" dev="sda1" ino=793777 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir | |
bz1283674:1:type=AVC msg=audit(1449393248.423:8265): avc: denied { read } for pid=3486 comm="sshd" name="lastlog" dev="sda2" ino=365978 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cluster_var_log_t:s0 tclass=file | |
bz1283674:2:type=AVC msg=audit(1449393248.424:8266): avc: denied { read write } for pid=3486 comm="sshd" name="lastlog" dev="sda2" ino=365978 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cluster_var_log_t:s0 tclass=file | |
bz1283674:3:type=AVC msg=audit(1449393989.852:9113): avc: denied { read write } for pid=26966 comm="useradd" name="lastlog" dev="sda2" ino=365978 scontext=unconfined_u:unconfined_r:useradd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cluster_var_log_t:s0 tclass=file | |
bz1284268:4:type=AVC msg=audit(1448951011.112:6524): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/gpg2" dev="vda1" ino=8726408 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:gpg_exec_t:s0 tclass=file | |
bz1284268:5:type=AVC msg=audit(1448951011.115:6531): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/loadkeys" dev="vda1" ino=9012486 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:loadkeys_exec_t:s0 tclass=file | |
bz1284268:6:type=AVC msg=audit(1448951011.112:6525): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/gpg-agent" dev="vda1" ino=8726405 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:gpg_agent_exec_t:s0 tclass=file | |
bz1284268:7:type=AVC msg=audit(1448951011.131:6564): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/ssh" dev="vda1" ino=9105682 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file | |
bz1284268:8:type=AVC msg=audit(1448951011.111:6520): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/glance-api" dev="vda1" ino=8432897 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_api_exec_t:s0 tclass=file | |
bz1284268:9:type=AVC msg=audit(1448951011.131:6567): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/ssh-keygen" dev="vda1" ino=8828136 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ssh_keygen_exec_t:s0 tclass=file | |
bz1284268:10:type=AVC msg=audit(1448951011.132:6574): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/systemd-notify" dev="vda1" ino=8863645 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:systemd_notify_exec_t:s0 tclass=file | |
bz1284268:11:type=AVC msg=audit(1448951011.111:6519): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/fusermount" dev="vda1" ino=8450187 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:fusermount_exec_t:s0 tclass=file | |
bz1284268:12:type=AVC msg=audit(1448951011.125:6556): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/ping" dev="vda1" ino=8864122 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ping_exec_t:s0 tclass=file | |
bz1284268:13:type=AVC msg=audit(1448951011.108:6512): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/consolehelper" dev="vda1" ino=8828133 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:consolehelper_exec_t:s0 tclass=file | |
bz1284268:14:type=AVC msg=audit(1448951011.120:6552): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/numad" dev="vda1" ino=8450068 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:numad_exec_t:s0 tclass=file | |
bz1284268:15:type=AVC msg=audit(1448951011.133:6577): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/teamd" dev="vda1" ino=9012036 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:NetworkManager_exec_t:s0 tclass=file | |
bz1284268:16:type=AVC msg=audit(1448951011.107:6507): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/cinder-api" dev="vda1" ino=8431377 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:cinder_api_exec_t:s0 tclass=file | |
bz1284268:17:type=AVC msg=audit(1448951011.120:6542): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/nova-api" dev="vda1" ino=8432929 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:nova_exec_t:s0 tclass=file | |
bz1284268:18:type=AVC msg=audit(1448951011.112:6522): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/glance-scrubber" dev="vda1" ino=8432907 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_scrubber_exec_t:s0 tclass=file | |
bz1284268:19:type=AVC msg=audit(1448951011.109:6514): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/dbus-daemon" dev="vda1" ino=8864111 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:dbusd_exec_t:s0 tclass=file | |
bz1284268:20:type=AVC msg=audit(1448951011.107:6508): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/cinder-backup" dev="vda1" ino=8431378 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:cinder_backup_exec_t:s0 tclass=file | |
bz1284268:21:type=AVC msg=audit(1448951011.133:6576): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/systemd-tty-ask-password-agent" dev="vda1" ino=8863715 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:systemd_passwd_agent_exec_t:s0 tclass=file | |
bz1284268:22:type=AVC msg=audit(1448951011.110:6517): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/hostname" dev="vda1" ino=8508494 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file | |
bz1284268:23:type=AVC msg=audit(1448951011.118:6537): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/mysql_upgrade" dev="vda1" ino=9153055 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:mysqld_exec_t:s0 tclass=file | |
bz1284268:24:type=AVC msg=audit(1448951011.119:6538): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/mysqld_safe" dev="vda1" ino=9153058 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:mysqld_safe_exec_t:s0 tclass=file | |
bz1284268:25:type=AVC msg=audit(1448951011.107:6509): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/cinder-scheduler" dev="vda1" ino=8431382 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:cinder_scheduler_exec_t:s0 tclass=file | |
bz1284268:26:type=AVC msg=audit(1448951011.114:6530): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/keystone-all" dev="vda1" ino=8424313 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:keystone_exec_t:s0 tclass=file | |
bz1284268:27:type=AVC msg=audit(1448951011.129:6562): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/rhsmcertd" dev="vda1" ino=9093995 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:rhsmcertd_exec_t:s0 tclass=file | |
bz1284268:28:type=AVC msg=audit(1448951011.107:6503): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/chage" dev="vda1" ino=8726785 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:passwd_exec_t:s0 tclass=file | |
bz1284268:29:type=AVC msg=audit(1448951011.109:6513): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/crontab" dev="vda1" ino=8864176 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:crontab_exec_t:s0 tclass=file | |
bz1284268:30:type=AVC msg=audit(1448951011.114:6529): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/kdumpctl" dev="vda1" ino=9019840 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:kdumpctl_exec_t:s0 tclass=file | |
bz1284268:31:type=AVC msg=audit(1448951011.107:6504): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/checkpolicy" dev="vda1" ino=8508690 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:checkpolicy_exec_t:s0 tclass=file | |
bz1284268:32:type=AVC msg=audit(1448951011.132:6573): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/systemctl" dev="vda1" ino=8863630 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file | |
bz1284268:33:type=AVC msg=audit(1448951011.107:6510): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/cinder-volume" dev="vda1" ino=8431383 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:cinder_volume_exec_t:s0 tclass=file | |
bz1284268:34:type=AVC msg=audit(1448951011.131:6566): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/ssh-agent" dev="vda1" ino=9105684 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:ssh_agent_exec_t:s0 tclass=file | |
bz1284268:35:type=AVC msg=audit(1448951011.117:6536): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/mount" dev="vda1" ino=8727102 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:mount_exec_t:s0 tclass=file | |
bz1284268:36:type=AVC msg=audit(1448951011.116:6533): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/sbin/sendmail.postfix" dev="vda1" ino=18058164 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:sendmail_exec_t:s0 tclass=file | |
bz1284268:37:type=AVC msg=audit(1448951011.125:6558): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/pkla-check-authorization" dev="vda1" ino=8864169 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:policykit_auth_exec_t:s0 tclass=file | |
bz1284268:38:type=AVC msg=audit(1448951011.131:6569): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/start-puppet-master" dev="vda1" ino=8603451 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:puppetmaster_exec_t:s0 tclass=file | |
bz1284268:39:type=AVC msg=audit(1448951011.128:6559): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/qemu-ga" dev="vda1" ino=9010855 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:virt_qemu_ga_exec_t:s0 tclass=file | |
bz1284268:40:type=AVC msg=audit(1448951011.130:6563): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/rsync" dev="vda1" ino=9093971 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:rsync_exec_t:s0 tclass=file | |
bz1284268:41:type=AVC msg=audit(1448951011.112:6521): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/glance-registry" dev="vda1" ino=8432905 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:glance_registry_exec_t:s0 tclass=file | |
bz1284268:42:type=AVC msg=audit(1448951011.132:6575): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/systemd-tmpfiles" dev="vda1" ino=8863714 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:systemd_tmpfiles_exec_t:s0 tclass=file | |
bz1284268:43:type=AVC msg=audit(1448951011.120:6545): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/nova-compute" dev="vda1" ino=8450616 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:virtd_exec_t:s0 tclass=file | |
bz1284268:44:type=AVC msg=audit(1448951011.124:6554): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/pinentry" dev="vda1" ino=8508683 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:pinentry_exec_t:s0 tclass=file | |
bz1284268:45:type=AVC msg=audit(1448951011.134:6582): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/vlock" dev="vda1" ino=9012544 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:vlock_exec_t:s0 tclass=file | |
bz1284268:46:type=AVC msg=audit(1448951011.109:6515): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/debuginfo-install" dev="vda1" ino=9105827 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:debuginfo_exec_t:s0 tclass=file | |
bz1284268:47:type=AVC msg=audit(1448951011.108:6511): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/cloud-init" dev="vda1" ino=9012592 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:cloud_init_exec_t:s0 tclass=file | |
bz1284268:48:type=AVC msg=audit(1448951011.115:6532): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/login" dev="vda1" ino=8727094 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:login_exec_t:s0 tclass=file | |
bz1284268:49:type=AVC msg=audit(1448951011.112:6523): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/gpasswd" dev="vda1" ino=8726786 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:groupadd_exec_t:s0 tclass=file | |
bz1284268:50:type=AVC msg=audit(1448951011.134:6581): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/virsh" dev="vda1" ino=8450163 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:virsh_exec_t:s0 tclass=file | |
bz1284268:51:type=AVC msg=audit(1448951011.107:6505): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/chfn" dev="vda1" ino=8727038 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:chfn_exec_t:s0 tclass=file | |
bz1284268:52:type=AVC msg=audit(1448951011.110:6516): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/dmesg" dev="vda1" ino=8727077 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:dmesg_exec_t:s0 tclass=file | |
bz1284268:53:type=AVC msg=audit(1448951011.114:6528): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/journalctl" dev="vda1" ino=8863625 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:journalctl_exec_t:s0 tclass=file | |
bz1284268:54:type=AVC msg=audit(1448951011.132:6570): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/su" dev="vda1" ino=8727117 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:su_exec_t:s0 tclass=file | |
bz1284268:55:type=AVC msg=audit(1448951011.128:6560): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/raw" dev="vda1" ino=8727107 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:fsadm_exec_t:s0 tclass=file | |
bz1284268:56:type=AVC msg=audit(1448951011.116:6535): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/mandb" dev="vda1" ino=9105719 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:mandb_exec_t:s0 tclass=file | |
bz1284268:57:type=AVC msg=audit(1448951011.133:6578): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/tracepath" dev="vda1" ino=8864124 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:traceroute_exec_t:s0 tclass=file | |
bz1284268:58:type=AVC msg=audit(1448951011.131:6568): avc: denied { getattr } for pid=15862 comm="neutron-server" path="/usr/bin/start-puppet-agent" dev="vda1" ino=8603122 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:puppetagent_exec_t:s0 tclass=file | |
bz1284268:59:type=AVC msg=audit(1452407258.308:8890): avc: denied { name_bind } for pid=25077 comm="ovsdb-server" src=6640 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:ovsdb_port_t:s0 tclass=tcp_socket | |
bz1284672:1:type=AVC msg=audit(1448300619.049:156): avc: denied { write } for pid=30790 comm="mysqld_safe" path="/tmp/tmp.3eZRnSANSZ" dev="sda2" ino=26429760 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:cluster_tmp_t:s0 tclass=file | |
bz1284672:2:type=AVC msg=audit(1448300621.547:157): avc: denied { read } for pid=31659 comm="mysqld_safe" name="cores" dev="sda2" ino=26693278 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:object_r:cluster_var_lib_t:s0 tclass=dir | |
bz1302312:1:type=AVC msg=audit(1453889488.386:89570): avc: denied { execute } for pid=8553 comm="swift-object-re" name="rsync" dev="sda2" ino=2006949 scontext=system_u:system_r:swift_t:s0 tcontext=unconfined_u:object_r:rsync_exec_t:s0 tclass=file | |
bz1306525:1:type=AVC msg=audit(1455113474.656:285): avc: denied { name_connect } for pid=3197 comm="glance-registry" dest=5000 scontext=system_u:system_r:glance_registry_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socket | |
bz1310383:1:type=AVC msg=audit(1456022999.334:8375): avc: denied { name_connect } for pid=5673 comm="ovs-vswitchd" dest=55 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket | |
bz1313617:1:type=AVC msg=audit(1456857432.481:34143): avc: denied { getattr } for pid=91939 comm="glance-api" name="/" dev="tmpfs" ino=1236 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem | |
bz1315457:1:type=AVC msg=audit(1457378892.760:805): avc: denied { add_name } for pid=21776 comm="httpd" name="nova-api.log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nova_log_t:s0 tclass=dir | |
bz1315457:2:type=AVC msg=audit(1457378892.760:805): avc: denied { write } for pid=21776 comm="httpd" name="nova" dev="vda1" ino=310432274 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nova_log_t:s0 tclass=dir | |
bz1315457:3:type=AVC msg=audit(1457378892.760:805): avc: denied { create } for pid=21776 comm="httpd" name="nova-api.log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nova_log_t:s0 tclass=file | |
bz1315457:4:type=AVC msg=audit(1457450838.6:501): avc: denied { name_bind } for pid=23197 comm="httpd" src=8774 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:osapi_compute_port_t:s0 tclass=tcp_socket | |
bz1325623:1:type=AVC msg=audit(1460257814.82:8553): avc: denied { open } for pid=14325 comm="httpd" path="/var/log/cinder/cinder-api.log" dev="vda1" ino=318834799 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:cinder_log_t:s0 tclass=file | |
bz1325623:2:type=AVC msg=audit(1460418646.779:3276): avc: denied { write } for pid=2209 comm="httpd" name="cinder" dev="vda1" ino=117531620 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cinder_log_t:s0 tclass=dir | |
bz1325623:3:type=AVC msg=audit(1460418573.405:3254): avc: denied { add_name } for pid=2191 comm="httpd" name="cinder" dev="vda1" ino=117531620 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cinder_log_t:s0 tclass=dir | |
bz1325623:4:type=AVC msg=audit(1460489301.63:483): avc: denied { create } for pid=14118 comm="httpd" name="cinder-api.log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cinder_log_t:s0 tclass=file | |
bz1327609:1:type=AVC msg=audit(1460720246.797:113659): avc: denied { name_connect } for pid=14974 comm="keystone-all" dest=11211 scontext=system_u:system_r:keystone_t:s0 tcontext=system_u:object_r:memcache_port_t:s0 tclass=tcp_socket | |
bz1351336:1:type=AVC msg=audit(1467223302.024:526): avc: denied { signull } for pid=21579 comm="keepalived" scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=process | |
bz1357961:1:type=AVC msg=audit(1468946225.187:10125): avc: denied { name_bind } for pid=18325 comm="neutron-openvsw" src=6633 scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:openflow_port_t:s0 tclass=tcp_socket | |
bz1362609:1:type=AVC msg=audit(1469800130.190:99833): avc: denied { name_connect } for pid=17120 comm="glance-registry" dest=11211 scontext=system_u:system_r:glance_registry_t:s0 tcontext=system_u:object_r:memcache_port_t:s0 tclass=tcp_socket | |
bz1372453:1:type=AVC msg=audit(1472750796.213:4956): avc: denied { name_connect } for pid=17529 comm="ovs-vswitchd" dest=5938 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:vnc_port_t:s0 tclass=tcp_socket | |
bz1375766:1:type=AVC msg=audit(1473797650.030:230): avc: denied { open } for pid=28146 comm="virtlogd" path="/var/lib/nova/instances/c6bea1b7-a9f0-401f-9153-212b4cf26a4f/console.log" dev="sda2" ino=1064491 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nova_var_lib_t:s0 tclass=file | |
bz1375766:2:type=AVC msg=audit(1473797470.584:152): avc: denied { search } for pid=28146 comm="virtlogd" name="nova" dev="sda2" ino=67147 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:nova_var_lib_t:s0 tclass=dir | |
bz1375766:3:type=AVC msg=audit(1473797650.030:231): avc: denied { getattr } for pid=28146 comm="virtlogd" path="/var/lib/nova/instances/c6bea1b7-a9f0-401f-9153-212b4cf26a4f/console.log" dev="sda2" ino=1064491 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nova_var_lib_t:s0 tclass=file | |
bz1375766:4:type=AVC msg=audit(1473797650.030:230): avc: denied { search } for pid=28146 comm="virtlogd" name="c6bea1b7-a9f0-401f-9153-212b4cf26a4f" dev="sda2" ino=1064483 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nova_var_lib_t:s0 tclass=dir | |
bz1375766:5:type=AVC msg=audit(1473797650.030:230): avc: denied { append } for pid=28146 comm="virtlogd" name="console.log" dev="sda2" ino=1064491 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nova_var_lib_t:s0 tclass=file | |
bz1377272:1:type=AVC msg=audit(1474294984.518:10089): avc: denied { dac_override } for pid=13229 comm="virtlogd" capability=1 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tclass=capability | |
bz1395240:1:type=AVC msg=audit(1479212822.497:463): avc: denied { create } for pid=4322 comm="glance-api" name="privsep.sock" scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:glance_tmp_t:s0 tclass=sock_file | |
bz1413775:1:type=AVC msg=audit(1520795762.042:230): avc: denied { name_connect } for pid=3149 comm="2_scheduler" dest=4369 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:epmd_port_t:s0 tclass=tcp_socket | |
bz1413775:2:type=AVC msg=audit(1520795761.442:226): avc: denied { name_bind } for pid=3161 comm="epmd" src=4369 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:epmd_port_t:s0 tclass=tcp_socket | |
bz1413775:3:type=AVC msg=audit(1520795942.068:312): avc: denied { name_connect } for pid=4264 comm="2_scheduler" dest=25672 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_port_t:s0 tclass=tcp_socket | |
bz1413775:4:type=AVC msg=audit(1520795761.195:224): avc: denied { read } for pid=3137 comm="async_1" name="rabbitmq" dev="vda1" ino=50372751 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_var_lib_t:s0 tclass=dir | |
bz1413775:5:type=AVC msg=audit(1520795821.201:252): avc: denied { write } for pid=3650 comm="async_1" name="rabbitmq" dev="vda1" ino=50372751 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_var_lib_t:s0 tclass=dir | |
bz1413775:6:type=AVC msg=audit(1520795761.142:223): avc: denied { getattr } for pid=3111 comm="rabbitmqctl" path="/var/lib/rabbitmq/mnesia/rabbit@openstack.pid" dev="vda1" ino=33616151 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_var_lib_t:s0 tclass=file | |
bz1413775:7:type=AVC msg=audit(1520795761.514:227): avc: denied { read } for pid=3171 comm="async_8" name=".erlang.cookie" dev="vda1" ino=50372733 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_var_lib_t:s0 tclass=file | |
bz1413775:8:type=AVC msg=audit(1520795761.514:228): avc: denied { open } for pid=3172 comm="async_9" path="/var/lib/rabbitmq/.erlang.cookie" dev="vda1" ino=50372733 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rabbitmq_var_lib_t:s0 tclass=file | |
bz1430402:1:type=AVC msg=audit(1490708508.568:4786): avc: denied { search } for pid=428106 comm="nova-api" name="my.cnf.d" dev="vda2" ino=866 scontext=system_u:system_r:nova_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=dir | |
bz1430402:2:type=AVC msg=audit(1490708839.879:4915): avc: denied { search } for pid=470231 comm="nova-scheduler" name="my.cnf.d" dev="vda2" ino=866 scontext=system_u:system_r:nova_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=dir | |
bz1430402:3:type=AVC msg=audit(1490708833.260:4883): avc: denied { search } for pid=470038 comm="nova-conductor" name="my.cnf.d" dev="vda2" ino=866 scontext=system_u:system_r:nova_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=dir | |
bz1430402:4:type=AVC msg=audit(1490709327.031:5296): avc: denied { search } for pid=430212 comm="glance-api" name="my.cnf.d" dev="vda2" ino=866 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=dir | |
bz1430402:5:type=AVC msg=audit(1490708842.508:4919): avc: denied { search } for pid=470319 comm="nova-consoleaut" name="my.cnf.d" dev="vda2" ino=866 scontext=system_u:system_r:nova_t:s0 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=dir | |
bz1431556:1:type=AVC msg=audit(1491476260.819:468): avc: denied { net_raw } for pid=16208 comm="ovs-vswitchd" capability=13 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=capability | |
bz1431556:2:type=AVC msg=audit(1491476260.819:469): avc: denied { setopt } for pid=16208 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=packet_socket | |
bz1431556:3:type=AVC msg=audit(1491476260.819:470): avc: denied { bind } for pid=16208 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=packet_socket | |
bz1431556:4:type=AVC msg=audit(1491476260.819:468): avc: denied { create } for pid=16208 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=packet_socket | |
bz1431556:6:type=AVC msg=audit(1491737286.265:1005): avc: denied { search } for pid=21524 comm="ovs-vswitchd" name="vhost_sockets" dev="sda2" ino=13749162 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir | |
bz1431556:7:type=AVC msg=audit(1491737286.491:1014): avc: denied { create } for pid=41979 comm="qemu-kvm" name="vhuda2153ef-bb" scontext=system_u:system_r:svirt_t:s0:c196,c856 tcontext=system_u:object_r:virt_cache_t:s0 tclass=sock_file | |
bz1431556:8:type=AVC msg=audit(1491737298.403:1054): avc: denied { create } for pid=42061 comm="qemu-kvm" name="vhuda2153ef-bb" scontext=system_u:system_r:svirt_t:s0:c485,c1012 tcontext=system_u:object_r:virt_cache_t:s0 tclass=sock_file | |
bz1431556:9:type=AVC msg=audit(1492005897.842:867): avc: denied { search } for pid=32747 comm="ovs-vswitchd" name="vhost_sockets" dev="sda2" ino=13912914 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:virt_cache_t:s0 tclass=dir | |
bz1434826:1:type=AVC msg=audit(1521755700.743:68): avc: denied { entrypoint } for pid=1528 comm="(ip)" path="/usr/sbin/ip" dev="vda1" ino=36286 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file | |
bz1434826:2:type=AVC msg=audit(1521755700.847:73): avc: denied { write } for pid=1529 comm="keepalived" name="vrrp" dev="vda1" ino=535343 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir | |
bz1434826:3:type=AVC msg=audit(1521755700.847:73): avc: denied { add_name } for pid=1529 comm="keepalived" name="octavia-keepalived.pid" scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir | |
bz1434826:4:type=AVC msg=audit(1521755700.847:73): avc: denied { create } for pid=1529 comm="keepalived" name="octavia-keepalived.pid" scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1434826:5:type=AVC msg=audit(1521755700.913:75): avc: denied { execute } for pid=1534 comm="sh" name="check_script.sh" dev="vda1" ino=537359 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1434826:6:type=AVC msg=audit(1521755700.913:75): avc: denied { execute_no_trans } for pid=1534 comm="sh" path="/var/lib/octavia/vrrp/check_script.sh" dev="vda1" ino=537359 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1434826:7:type=AVC msg=audit(1521755700.914:76): avc: denied { ioctl } for pid=1534 comm="sh" path="/var/lib/octavia/vrrp/check_script.sh" dev="vda1" ino=537359 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1434826:8:type=AVC msg=audit(1521756001.706:137): avc: denied { mounton } for pid=1765 comm="ip" path="/run/netns" dev="tmpfs" ino=18861 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir | |
bz1434826:9:type=AVC msg=audit(1521756001.760:138): avc: denied { mounton } for pid=1766 comm="ip" path="/sys" dev="vda1" ino=2881 scontext=system_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir | |
bz1434826:10:type=AVC msg=audit(1521756001.762:139): avc: denied { mounton } for pid=1766 comm="ip" path="/etc/sysconfig" dev="vda1" ino=446 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir | |
bz1434826:11:type=AVC msg=audit(1521756001.794:140): avc: denied { write } for pid=1766 comm="sysctl" name="ptrace_scope" dev="proc" ino=8640 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file | |
bz1434826:12:type=AVC msg=audit(1521756001.794:141): avc: denied { sys_ptrace } for pid=1766 comm="sysctl" capability=19 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=capability | |
bz1434826:13:type=AVC msg=audit(1521756001.797:142): avc: denied { getattr } for pid=1766 comm="sysctl" path="/proc/sys/fs/protected_hardlinks" dev="proc" ino=8670 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_security_t:s0 tclass=file | |
bz1434826:14:type=AVC msg=audit(1521756001.797:143): avc: denied { write } for pid=1766 comm="sysctl" name="protected_hardlinks" dev="proc" ino=8670 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_security_t:s0 tclass=file | |
bz1434826:15:type=AVC msg=audit(1521756001.797:143): avc: denied { open } for pid=1766 comm="sysctl" path="/proc/sys/fs/protected_hardlinks" dev="proc" ino=8670 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:proc_security_t:s0 tclass=file | |
bz1434826:16:type=AVC msg=audit(1521756001.799:144): avc: denied { getattr } for pid=1766 comm="sysctl" path="/proc/sys/fs/file-max" dev="proc" ino=11686 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file | |
bz1434826:17:type=AVC msg=audit(1521756001.800:145): avc: denied { write } for pid=1766 comm="sysctl" name="file-max" dev="proc" ino=11686 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file | |
bz1434826:18:type=AVC msg=audit(1521756001.800:145): avc: denied { open } for pid=1766 comm="sysctl" path="/proc/sys/fs/file-max" dev="proc" ino=11686 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file | |
bz1434826:19:type=AVC msg=audit(1521756002.536:147): avc: denied { read } for pid=1859 comm="haproxy" name="haproxy.cfg" dev="vda1" ino=537368 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1434826:20:type=AVC msg=audit(1521756002.536:147): avc: denied { open } for pid=1859 comm="haproxy" path="/var/lib/octavia/90723fd2-3dc8-4488-8078-899be972eec3/haproxy.cfg" dev="vda1" ino=537368 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1434826:21:type=AVC msg=audit(1521756002.536:148): avc: denied { getattr } for pid=1859 comm="haproxy" path="/var/lib/octavia/90723fd2-3dc8-4488-8078-899be972eec3/haproxy.cfg" dev="vda1" ino=537368 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1434826:22:type=AVC msg=audit(1521756002.573:150): avc: denied { entrypoint } for pid=1860 comm="(ip)" path="/usr/sbin/ip" dev="vda1" ino=36286 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file | |
bz1434826:23:type=AVC msg=audit(1521756002.580:151): avc: denied { read } for pid=1860 comm="ip" path="/usr/sbin/ip" dev="vda1" ino=36286 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file | |
bz1434826:24:type=AVC msg=audit(1521756002.596:152): avc: denied { mounton } for pid=1860 comm="ip" path="/" dev="vda1" ino=2 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir | |
bz1434826:25:type=AVC msg=audit(1521756002.596:154): avc: denied { mounton } for pid=1860 comm="ip" path="/sys" dev="vda1" ino=2881 scontext=system_u:system_r:haproxy_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir | |
bz1434826:26:type=AVC msg=audit(1521756002.597:155): avc: denied { mounton } for pid=1860 comm="ip" path="/etc/sysconfig" dev="vda1" ino=446 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir | |
bz1434826:27:type=AVC msg=audit(1521756002.621:156): avc: denied { create } for pid=1862 comm="haproxy" name="90723fd2-3dc8-4488-8078-899be972eec3.sock.1862.tmp" scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file | |
bz1434826:28:type=AVC msg=audit(1521756002.626:157): avc: denied { setattr } for pid=1862 comm="haproxy" name="90723fd2-3dc8-4488-8078-899be972eec3.sock.1862.tmp" dev="vda1" ino=537381 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file | |
bz1434826:29:type=AVC msg=audit(1521756002.626:158): avc: denied { rename } for pid=1862 comm="haproxy" name="90723fd2-3dc8-4488-8078-899be972eec3.sock.1862.tmp" dev="vda1" ino=537381 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file | |
bz1434826:30:type=AVC msg=audit(1521756002.651:159): avc: denied { write } for pid=1862 comm="haproxy" name="90723fd2-3dc8-4488-8078-899be972eec3.sock" dev="vda1" ino=537381 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file | |
bz1434826:31:type=AVC msg=audit(1521756005.967:160): avc: denied { execute } for pid=1867 comm="sh" name="check_script.sh" dev="vda1" ino=537359 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1434826:32:type=AVC msg=audit(1521756005.967:160): avc: denied { execute_no_trans } for pid=1867 comm="sh" path="/var/lib/octavia/vrrp/check_script.sh" dev="vda1" ino=537359 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1434826:33:type=AVC msg=audit(1521756005.968:161): avc: denied { ioctl } for pid=1867 comm="sh" path="/var/lib/octavia/vrrp/check_script.sh" dev="vda1" ino=537359 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1434826:34:type=AVC msg=audit(1521756006.438:162): avc: denied { write } for pid=1869 comm="haproxy-vrrp-ch" name="90723fd2-3dc8-4488-8078-899be972eec3.sock" dev="vda1" ino=537381 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file | |
bz1434826:35:type=AVC msg=audit(1521756015.580:163): avc: denied { entrypoint } for pid=1899 comm="(kill)" path="/usr/bin/kill" dev="vda1" ino=20196 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file | |
bz1434826:36:type=AVC msg=audit(1521756015.616:164): avc: denied { link } for pid=1900 comm="haproxy" name="90723fd2-3dc8-4488-8078-899be972eec3.sock" dev="vda1" ino=537381 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file | |
bz1434826:37:type=AVC msg=audit(1521756015.626:165): avc: denied { unlink } for pid=1900 comm="haproxy" name="90723fd2-3dc8-4488-8078-899be972eec3.sock" dev="vda1" ino=537381 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file | |
bz1437684:1:type=AVC msg=audit(1490770503.768:2446): avc: denied { open } for pid=16990 comm="httpd" path="/var/log/barbican/api.log" dev="vda1" ino=5772151 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file | |
bz1452418:1:type=AVC msg=audit(1495149503.842:3417): avc: denied { name_connect } for pid=24486 comm="glance-api" dest=35357 scontext=system_u:system_r:glance_api_t:s0 tcontext=system_u:object_r:keystone_port_t:s0 tclass=tcp_socket | |
bz1466444:1:type=AVC msg=audit(1498672139.870:5641): avc: denied { associate } for pid=365129 comm="httpd" name="gnocchiUvHVPC" scontext=system_u:object_r:httpd_var_lib_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=filesystem | |
bz1478176:1:type=AVC msg=audit(1501609484.063:13177): avc: denied { open } for pid=10111 comm="httpd" path="/var/lib/keystone/.local/share/python_keyring/keyringrc.cfg" dev="dm-0" ino=396418 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:keystone_var_lib_t:s0 tclass=file | |
bz1478176:2:type=AVC msg=audit(1501609484.063:13177): avc: denied { read } for pid=10111 comm="httpd" name="keyringrc.cfg" dev="dm-0" ino=396418 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:keystone_var_lib_t:s0 tclass=file | |
bz1542107:1:type=AVC msg=audit(1517841541.153:650): avc: denied { read write } for pid=7168 comm="vhost_thread2" path=2F6D656D66643A76686F73742D6C6F67202864656C6574656429 dev="tmpfs" ino=324410 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:svirt_tmpfs_t:s0 tclass=file | |
bz1547197:1:type=AVC msg=audit(1519144859.347:11041): avc: denied { setpgid } for pid=844370 comm="dibbler-client" scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:system_r:neutron_t:s0 tclass=process | |
bz1554964:1:type=AVC msg=audit(1520957807.128:122131): avc: denied { name_bind } for pid=2715 comm="ovsdb-server" src=6640 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:ovsdb_port_t:s0 tclass=tcp_socket | |
bz1558465:1:type=AVC msg=audit(1521626242.055:83): avc: denied { read } for pid=1443 comm="collectd" name="lock" dev="dm-3" ino=137 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=lnk_file | |
bz1558465:2:type=AVC msg=audit(1521626242.055:83): avc: denied { write } for pid=1443 comm="collectd" name="lock" dev="tmpfs" ino=9300 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir | |
bz1558465:3:type=AVC msg=audit(1521626242.055:83): avc: denied { add_name } for pid=1443 comm="collectd" name="libpqos" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir | |
bz1558465:4:type=AVC msg=audit(1521626242.055:83): avc: denied { create } for pid=1443 comm="collectd" name="libpqos" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file | |
bz1558465:5:type=AVC msg=audit(1521626242.055:84): avc: denied { lock } for pid=1443 comm="collectd" path="/run/lock/libpqos" dev="tmpfs" ino=23152 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file | |
bz1558465:6:type=AVC msg=audit(1521629666.167:1293): avc: denied { open } for pid=20204 comm="collectd" path="/run/lock/libpqos" dev="tmpfs" ino=23152 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file | |
bz1558465:7:type=AVC msg=audit(1521629666.169:1295): avc: denied { read write } for pid=20204 comm="collectd" name="msr" dev="devtmpfs" ino=1108 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:cpu_device_t:s0 tclass=chr_file | |
bz1558465:8:type=AVC msg=audit(1521629666.169:1295): avc: denied { open } for pid=20204 comm="collectd" path="/dev/cpu/0/msr" dev="devtmpfs" ino=1108 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:cpu_device_t:s0 tclass=chr_file | |
bz1566973:1:type=AVC msg=audit(1524017564.805:204): avc: denied { write } for pid=12021 comm="virtlogd" name="bec321f0-2651-4948-ac85-1845a91271a0" dev="0:39" ino=4197515 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir | |
bz1568993:1:type=AVC msg=audit(1523966763.994:1875): avc: denied { read } for pid=16973 comm="dnsmasq" name="52:54:00:7c:b5:00" dev="vda1" ino=113286649 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1568993:2:type=AVC msg=audit(1523990351.136:7706): avc: denied { getattr } for pid=31332 comm="dnsmasq" path="/var/lib/ironic-inspector/dhcp-hostsdir/52:54:00:6b:18:f3" dev="vda1" ino=113286651 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1568993:3:type=AVC msg=audit(1523990351.136:7707): avc: denied { getattr } for pid=8168 comm="dnsmasq" path="/var/lib/ironic-inspector/dhcp-hostsdir/52:54:00:7c:b5:00" dev="vda1" ino=114077529 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1568993:4:type=AVC msg=audit(1523990351.136:7708): avc: denied { open } for pid=8168 comm="dnsmasq" path="/var/lib/ironic-inspector/dhcp-hostsdir/52:54:00:7c:b5:00" dev="vda1" ino=114077529 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1568993:5:type=AVC msg=audit(1523990351.136:7709): avc: denied { read } for pid=8168 comm="dnsmasq" name="52:54:00:7c:b5:00" dev="vda1" ino=114077529 scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file | |
bz1652297:1:type=AVC msg=audit(1542830504.754:4792): avc: denied { read } for pid=1378 comm="swift-container" name="aae3e64f909b58ab302a0fbb385eff3f.db" dev="loop0" ino=20 scontext=system_u:system_r:swift_t:s0 tcontext=system_u:object_r:swift_data_t:s0 tclass=lnk_file | |
bz1671514:1:type=AVC msg=audit(1548880833.900:153941): avc: denied { name_connect } for pid=4841 comm="glance-registry" dest=13357 scontext=system_u:system_r:glance_registry_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket | |
bz1684885:1:type=AVC msg=audit(1551866885.134:39): avc: denied { getattr } for pid=1175 comm="sysctl" path="/proc/sys/kernel/core_pattern" dev="proc" ino=10947 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:usermodehelper_t:s0 tclass=file permissive=1 | |
bz1684885:2:type=AVC msg=audit(1551866885.136:40): avc: denied { write } for pid=1175 comm="sysctl" name="core_pattern" dev="proc" ino=10947 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:usermodehelper_t:s0 tclass=file permissive=1 | |
bz1684885:3:type=AVC msg=audit(1551866885.136:40): avc: denied { open } for pid=1175 comm="sysctl" path="/proc/sys/kernel/core_pattern" dev="proc" ino=10947 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:usermodehelper_t:s0 tclass=file permissive=1 | |
bz1684885:4:type=AVC msg=audit(1551866885.485:42): avc: denied { execute_no_trans } for pid=1286 comm="ip" path="/usr/sbin/keepalived" dev="vda1" ino=537483 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:keepalived_exec_t:s0 tclass=file permissive=1 | |
bz1684885:5:type=AVC msg=audit(1551867084.102:44): avc: denied { read } for pid=1376 comm="ip" dev="nsfs" ino=4026532223 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=file permissive=1 | |
bz1684885:6:type=AVC msg=audit(1551867084.102:44): avc: denied { open } for pid=1376 comm="ip" path="/run/netns/amphora-haproxy" dev="nsfs" ino=4026532223 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=file permissive=1 | |
bz1684885:7:type=AVC msg=audit(1551867108.032:46): avc: denied { map } for pid=1431 comm="kill" path="/usr/bin/kill" dev="vda1" ino=538254 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1 | |
bz1684885:8:type=AVC msg=audit(1551867108.032:46): avc: denied { execute } for pid=1431 comm="kill" path="/usr/bin/kill" dev="vda1" ino=538254 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=1 | |
bz1684885:9:type=AVC msg=audit(1551867168.534:47): avc: denied { create } for pid=1487 comm="keepalived" name="keepalived" scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir permissive=1 | |
bz1684885:10:type=AVC msg=audit(1551867168.535:48): avc: denied { mounton } for pid=1487 comm="keepalived" path="/run/keepalived" dev="tmpfs" ino=24185 scontext=system_u:system_r:keepalived_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir permissive=1 | |
Results: 770 total, 385 failed | |
Overall result: FAIL | |
Check /tmp/openstack-selinux-test.okiD3K/failed_info for more information | |
Removing OpenStack modules... | |
Relabeling files... | |
Reloading SELinux policies... | |
make: *** [Makefile:87: check] Error 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment