Hi everyone.

After a fresh install of OKD 3.10, I'm unable to properly save audit logs
into a host dir. The default path from the hosts.example [1] tries to write
into an unwritable dir.

What is the recommended solution for this?

The /var/log/audit/audit.log file from the host:

type=AVC msg=audit(1534326872.648:1703901): avc:  denied  { write } for
pid=22634 comm="openshift" name="openpaas-oscp-audit" dev="xvda1"
ino=15097948 scontext=system_u:system_r:container_t:s0:c143,c334
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1534326872.648:1703901): arch=c000003e syscall=257
success=no exit=-13 a0=ffffffffffffff9c a1=c42ce61100 a2=80241 a3=1a4
items=0 ppid=22624 pid=22634 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="openshift"
exe="/usr/bin/openshift" subj=system_u:system_r:container_t:s0:c143,c334
key=(null)
type=PROCTITLE msg=audit(1534326872.648:1703901):
proctitle=6F70656E7368696674007374617274006D617374657200617069002D2D636F6E6669673D2F6574632F6F726967696E2F6D61737465722F6D61737465722D636F6E6669672E79616D6C002D2D6C6F676C6576656C3D31

And the logs of the API container:

E0815 09:52:21.826793       1 metrics.go:86] Error in audit plugin 'log'
affecting 1 audit events: can't open new logfile: open
/var/lib/origin/openpaas-oscp-audit/openpaas-oscp-audit.log: permission
denied
Impacted events:
2018-08-15T09:52:21.826616689Z AUDIT:
id="90c74b44-bbeb-495f-bb2b-543e2c1b23f1" stage="RequestReceived"
ip="10.0.108.99" method="get" user="system:openshift-master"
groups="\"system:masters\",\"system:openshift-master\",\"system:authenticated\""
as="<self>" asgroups="<lookup>" namespace="openshift-web-console"
uri="/api/v1/namespaces/openshift-web-console/configmaps/webconsole-config"
response="<deferred>"
E0815 09:52:21.828096       1 metrics.go:86] Error in audit plugin 'log'
affecting 1 audit events: can't open new logfile: open
/var/lib/origin/openpaas-oscp-audit/openpaas-oscp-audit.log: permission
denied
Impacted events:
2018-08-15T09:52:21.826616689Z AUDIT:
id="90c74b44-bbeb-495f-bb2b-543e2c1b23f1" stage="ResponseComplete"
ip="10.0.108.99" method="get" user="system:openshift-master"
groups="\"system:masters\",\"system:openshift-master\",\"system:authenticated\""
as="<self>" asgroups="<lookup>" namespace="openshift-web-console"
uri="/api/v1/namespaces/openshift-web-console/configmaps/webconsole-config"
response="404"



[1]
https://github.com/openshift/openshift-ansible/blob/2e78bc99fdd240e8be653facb93118f1597e801f/inventory/hosts.example#L927

--
Mateus Caruccio / Master of Puppets
GetupCloud.com
We make the infrastructure invisible
Gartner Cool Vendor 2017
_______________________________________________
dev mailing list
dev@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

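The AVC record in the post above says the denied subject is a container_t process and the denied object is a directory labelled var_lib_t, i.e. a host path bind-mounted into the API container without a container label. The script below is an added example, not code from OKD, OpenShift or openshift-ansible: it parses type=AVC records from audit.log and sorts each container denial into the "host path not labelled for containers" case (the post's case), an MCS category mismatch between two containers, a read-only container_share_t label, or something else. The first sample record is the post's own AVC line joined onto one line; the other records, the process names and the suggested remedies (chcon/:Z/semanage fcontext, which are general SELinux and container-runtime facilities) are constructed or assumed here and say nothing about what openshift-ansible itself configures.

```python
"""Triage SELinux AVC denials raised by container processes (added example)."""
import re
from typing import Any, Dict, List, Optional, Set

# Labels a container_t process may write, subject to MCS categories.
# svirt_sandbox_file_t is the older alias of container_file_t.
CONTAINER_RW_TYPES = {"container_file_t", "svirt_sandbox_file_t"}
# Read-only shareable content (image layers, shared config).
CONTAINER_RO_TYPES = {"container_share_t"}
# Confined container domains (svirt_lxc_net_t is the older alias).
CONTAINER_DOMAINS = {"container_t", "svirt_lxc_net_t"}
WRITE_PERMS = {"write", "create", "append", "add_name", "remove_name",
               "unlink", "rename", "setattr"}

AVC_RE = re.compile(r"^type=AVC .*?avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_context(ctx: str) -> Dict[str, Any]:
    """Split user:role:type:level and expand MCS categories (c0.c3 -> c0..c3)."""
    user, role, typ, *rest = ctx.split(":")
    level = ":".join(rest)            # "s0", "s0:c143,c334" or "s0-s0:c0.c1023"
    if "-" in level:                  # a range: the high level bounds access
        level = level.split("-", 1)[1]
    cats: Set[str] = set()
    if ":" in level:
        for tok in level.split(":", 1)[1].split(","):
            if "." in tok:
                lo, hi = (int(c[1:]) for c in tok.split("."))
                cats.update(f"c{i}" for i in range(lo, hi + 1))
            else:
                cats.add(tok)
    return {"user": user, "role": role, "type": typ, "cats": cats}


def parse_avc(line: str) -> Optional[Dict[str, Any]]:
    """Return the interesting fields of one type=AVC record, or None."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    return {
        "perms": set(m.group(1).split()),
        "comm": fields.get("comm"),
        "name": fields.get("name"),      # the object: here the *dir*, not the log file
        "tclass": fields.get("tclass"),
        "scontext": parse_context(fields["scontext"]),
        "tcontext": parse_context(fields["tcontext"]),
    }


def classify(rec: Dict[str, Any]) -> str:
    """Name the likely cause of a denial for a container process."""
    s, t = rec["scontext"], rec["tcontext"]
    if s["type"] not in CONTAINER_DOMAINS:
        return "not-a-container-denial"
    if t["type"] in CONTAINER_RW_TYPES:
        # Type allows it, so the remaining SELinux reason is MCS: the object's
        # categories must be a subset of the process's categories.
        return "allowed-type" if t["cats"] <= s["cats"] else "mcs-mismatch"
    if t["type"] in CONTAINER_RO_TYPES:
        return "read-only-label" if rec["perms"] & WRITE_PERMS else "allowed-type"
    # Any other type (var_lib_t, var_log_t, user_home_t, ...) is a host path
    # that was bind-mounted without a container label.
    return "host-label"


# Assumed remedies: general SELinux / container-runtime facilities.
ACTIONS = {
    "host-label": "relabel the host path as container_file_t (chcon -Rt container_file_t DIR, "
                  "a :Z/:z bind-mount option, or semanage fcontext + restorecon)",
    "mcs-mismatch": "object carries another container's MCS categories; share it with :z "
                    "(s0, no categories) or run both containers at the same level",
    "read-only-label": "container_share_t is read-only; use container_file_t for writable paths",
    "allowed-type": "type and MCS allow this; look at other perms, dontaudit rules or booleans",
    "not-a-container-denial": "subject is not a container domain; triage separately",
}


def triage(audit_log: str) -> List[Dict[str, Any]]:
    """Parse every AVC record in audit_log and attach a verdict and an action."""
    out = []
    for line in audit_log.splitlines():
        rec = parse_avc(line)
        if rec is None:               # SYSCALL, PROCTITLE, ... are skipped
            continue
        rec["verdict"] = classify(rec)
        rec["action"] = ACTIONS[rec["verdict"]]
        out.append(rec)
    return out


# Constructed sample: record 1 is the post's AVC line joined onto one line;
# the SYSCALL line and records 2 and 3 are made up to show the other verdicts.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1534326872.648:1703901): avc:  denied  { write } for pid=22634 comm="openshift" name="openpaas-oscp-audit" dev="xvda1" ino=15097948 scontext=system_u:system_r:container_t:s0:c143,c334 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1534326872.648:1703901): arch=c000003e syscall=257 success=no exit=-13 ppid=22624 pid=22634
type=AVC msg=audit(1534326901.000:1703950): avc:  denied  { write } for pid=30001 comm="etcd" name="member" dev="xvda1" ino=777 scontext=system_u:system_r:container_t:s0:c1,c2 tcontext=system_u:object_r:container_file_t:s0:c5,c6 tclass=dir
type=AVC msg=audit(1534326902.000:1703951): avc:  denied  { read } for pid=30002 comm="httpd" name="index.html" dev="xvda1" ino=778 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

if __name__ == "__main__":
    for r in triage(SAMPLE_AUDIT_LOG):
        print(f'{r["comm"]}: {sorted(r["perms"])} on {r["tclass"]} "{r["name"]}" '
              f'({r["tcontext"]["type"]}) -> {r["verdict"]}: {r["action"]}')
```

Note that the denied object in the post's record is the directory itself (tclass=dir, name="openpaas-oscp-audit"), not the .log file: creating the file requires write on the directory, and var_lib_t is not a label container_t may write regardless of the directory's POSIX mode bits, which is why the container's `permission denied` persists even for uid 0.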