On 09/14/2015 03:26 AM, Tobias Florek wrote:
> Hi,
>
> I am getting the following AVCs on _one_ of the atomic hosts. This is on
> a slightly newer installation (a few weeks ago) than the other hosts,
> I don't know of any other difference between them.
>
> The logs are from a with enforcing=0 because it's a remote machine and
> I can't log in without ssh.
>
> type=AVC msg=audit(1442045142.791:158569): avc: denied { read } for pid=3358 comm="nslookup" name="resolv.conf" dev="dm-1" ino=95751 scontext=system_u:system_r:svirt_lxc_net_t:s0:c411,c700 tcontext=system_u:object_r:svirt_sandbox_file_t:s0:c722,c900 tclass=file permissive=1
> type=AVC msg=audit(1442045142.791:158570): avc: denied { ioctl } for pid=3358 comm="nslookup" path="/etc/resolv.conf" dev="dm-1" ino=95751 scontext=system_u:system_r:svirt_lxc_net_t:s0:c411,c700 tcontext=system_u:object_r:svirt_sandbox_file_t:s0:c722,c900 tclass=file permissive=1
> [many more of these with different pids]

This looks like you have a /etc/resolv.conf from one machine leaking into another? Are you volume mounting /etc/resolv.conf into containers?

> type=AVC msg=audit(1442048674.527:162109): avc: denied { lock } for pid=20655 comm="etcd" path="/var/etcd/data/member/wal/0000000000000011-0000000000029822.wal" dev="dm-1" ino=109294 scontext=system_u:system_r:svirt_lxc_net_t:s0:c369,c609 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
>
> type=AVC msg=audit(1442213538.406:164): avc: denied { dyntransition } for pid=1808 comm="sshd" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:sshd_net_t:s0 tclass=process permissive=0
> type=AVC msg=audit(1442213539.950:183): avc: denied { dyntransition } for pid=1814 comm="sshd" scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0

Looks like sshd is running as kernel_t, which indicates to me the system needs to be relabeled.

touch /.autorelabel; reboot

Should fix the labels.

> type=AVC msg=audit(1442213540.053:187): avc: denied { transition } for pid=1815 comm="sshd" path="/usr/bin/bash" dev="dm-1" ino=18761953 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
> [many more of the last]
>
> type=AVC msg=audit(1442214925.923:172): avc: denied { sigchld } for pid=1 comm="systemd" scontext=system_u:system_r:sshd_net_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1

These are caused by sshd not running with the proper label.

> Thanks in advance,
> Tobias Florek
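The triage the reply does by eye, written out as an added shell example that is not part of this thread and not an SELinux tool: it splits AVC records into "a file from another container's MCS categories is visible in this one" (the resolv.conf denials) and "a process-class denial with kernel_t on either side, so the box never transitioned out of kernel_t and wants a relabel" (the sshd denials). The bucket names MCS_MISMATCH, WRONG_DOMAIN and HOST_FILE are my own, and the sample records are constructed from the shapes seen in the post.

```shell
#!/bin/sh
# Added example: classify AVC denials into the buckets the reply talks about.
# Bucket names are my own; the sample records are constructed from the post.
#
#   MCS_MISMATCH  container domain (svirt_lxc_net_t) hitting a file of type
#                 svirt_sandbox_file_t whose MCS categories differ from the
#                 process's own, i.e. a file owned by another container such
#                 as a bind-mounted /etc/resolv.conf.
#   WRONG_DOMAIN  process-class denial with kernel_t on either side: a
#                 userspace daemon (sshd here) never left kernel_t, which is
#                 what a missing relabel looks like (touch /.autorelabel; reboot).
#   HOST_FILE     container domain hitting a plain host label (var_lib_t etc.).
#   OTHER         anything else.

SAMPLE_AVCS='type=AVC msg=audit(1442045142.791:158569): avc: denied { read } for pid=3358 comm="nslookup" name="resolv.conf" dev="dm-1" ino=95751 scontext=system_u:system_r:svirt_lxc_net_t:s0:c411,c700 tcontext=system_u:object_r:svirt_sandbox_file_t:s0:c722,c900 tclass=file permissive=1
type=AVC msg=audit(1442048674.527:162109): avc: denied { lock } for pid=20655 comm="etcd" path="/var/etcd/data/member/wal/0000000000000011-0000000000029822.wal" dev="dm-1" ino=109294 scontext=system_u:system_r:svirt_lxc_net_t:s0:c369,c609 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1442213538.406:164): avc: denied { dyntransition } for pid=1808 comm="sshd" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:sshd_net_t:s0 tclass=process permissive=0
type=AVC msg=audit(1442214925.923:172): avc: denied { sigchld } for pid=1 comm="systemd" scontext=system_u:system_r:sshd_net_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1'

# avc_field KEY LINE: value of KEY=... in one audit record, quotes stripped.
avc_field() {
    printf '%s\n' "$2" | sed -n "s/.*[[:space:]]$1=\([^[:space:]]*\).*/\1/p" | tr -d '"'
}

# ctx_type CONTEXT: the SELinux type, i.e. the third colon-separated field.
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# ctx_cats CONTEXT: the MCS categories after the sensitivity, empty if none.
ctx_cats() { printf '%s\n' "$1" | cut -d: -f5-; }

# classify_avc LINE: print one bucket name for the record.
classify_avc() {
    s=$(avc_field scontext "$1")
    t=$(avc_field tcontext "$1")
    stype=$(ctx_type "$s")
    ttype=$(ctx_type "$t")
    cls=$(avc_field tclass "$1")
    if [ "$cls" = process ] && { [ "$stype" = kernel_t ] || [ "$ttype" = kernel_t ]; }; then
        echo WRONG_DOMAIN
    elif [ "$stype" = svirt_lxc_net_t ] && [ "$ttype" = svirt_sandbox_file_t ] \
         && [ "$(ctx_cats "$s")" != "$(ctx_cats "$t")" ]; then
        echo MCS_MISMATCH
    elif [ "$stype" = svirt_lxc_net_t ]; then
        echo HOST_FILE
    else
        echo OTHER
    fi
}

# summarize_avcs: read records on stdin, print "BUCKET comm=NAME target=TYPE".
summarize_avcs() {
    while IFS= read -r rec; do
        [ -n "$rec" ] || continue
        printf '%s comm=%s target=%s\n' "$(classify_avc "$rec")" \
            "$(avc_field comm "$rec")" "$(ctx_type "$(avc_field tcontext "$rec")")"
    done
}

# Run against the constructed sample; on a real host feed it
#   ausearch -m avc -ts today | grep '^type=AVC'
printf '%s\n' "$SAMPLE_AVCS" | summarize_avcs
```

The categories are compared as whole strings, so a target carrying only one of the two categories also counts as a mismatch; with MCS that is still a denial, so that is the right answer. Records with permissive=1 are still classified, which matters here because the host was booted with enforcing=0 and would otherwise look clean.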