Hi everyone. After a fresh install of OKD 3.10, I'm unable to properly save audit logs into a host dir. The default path from the hosts.example [1] tries to write into an unwriteable dir.
What is the recommended solution for this? The /var/log/audit/audit.log file from the host: type=AVC msg=audit(1534326872.648:1703901): avc: denied { write } for pid=22634 comm="openshift" name="openpaas-oscp-audit" dev="xvda1" ino=15097948 scontext=system_u:system_r:container_t:s0:c143,c334 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir type=SYSCALL msg=audit(1534326872.648:1703901): arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=c42ce61100 a2=80241 a3=1a4 items=0 ppid=22624 pid=22634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="openshift" exe="/usr/bin/openshift" subj=system_u:system_r:container_t:s0:c143,c334 key=(null) type=PROCTITLE msg=audit(1534326872.648:1703901): proctitle=6F70656E7368696674007374617274006D617374657200617069002D2D636F6E6669673D2F6574632F6F726967696E2F6D61737465722F6D61737465722D636F6E6669672E79616D6C002D2D6C6F676C6576656C3D31 And the logs of the API container E0815 09:52:21.826793 1 metrics.go:86] Error in audit plugin 'log' affecting 1 audit events: can't open new logfile: open /var/lib/origin/openpaas-oscp-audit/openpaas-oscp-audit.log: permission denied Impacted events: 2018-08-15T09:52:21.826616689Z AUDIT: id="90c74b44-bbeb-495f-bb2b-543e2c1b23f1" stage="RequestReceived" ip="10.0.108.99" method="get" user="system:openshift-master" groups="\"system:masters\",\"system:openshift-master\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="openshift-web-console" uri="/api/v1/namespaces/openshift-web-console/configmaps/webconsole-config" response="<deferred>" E0815 09:52:21.828096 1 metrics.go:86] Error in audit plugin 'log' affecting 1 audit events: can't open new logfile: open /var/lib/origin/openpaas-oscp-audit/openpaas-oscp-audit.log: permission denied Impacted events: 2018-08-15T09:52:21.826616689Z AUDIT: id="90c74b44-bbeb-495f-bb2b-543e2c1b23f1" stage="ResponseComplete" ip="10.0.108.99" method="get" user="system:openshift-master" groups="\"system:masters\",\"system:openshift-master\",\"system:authenticated\"" as="<self>" asgroups="<lookup>" namespace="openshift-web-console" uri="/api/v1/namespaces/openshift-web-console/configmaps/webconsole-config" response="404" [1] https://github.com/openshift/openshift-ansible/blob/2e78bc99fdd240e8be653facb93118f1597e801f/inventory/hosts.example#L927 -- Mateus Caruccio / Master of Puppets GetupCloud.com We make the infrastructure invisible Gartner Cool Vendor 2017
_______________________________________________ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev