Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1401208 - [RHVH 4.0.6] avc denied errors (dev="tmpfs") in audit.log after upgrade
Summary: [RHVH 4.0.6] avc denied errors (dev="tmpfs") in audit.log after upgrade
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: ovirt-node
Classification: oVirt
Component: Installation & Update
Version: 4.0
Hardware: Unspecified
OS: Unspecified
medium
low vote
Target Milestone: ovirt-4.0.7
: ---
Assignee: Ryan Barry
QA Contact: cshao
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-12-03 14:08 UTC by cshao
Modified: 2017-01-18 11:08 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-18 11:08:18 UTC
oVirt Team: Node
rule-engine: ovirt-4.0.z+


Attachments (Terms of Use)
/var/log; /tmp; sosreport (deleted)
2016-12-03 14:08 UTC, cshao
no flags Details


Links
System ID Priority Status Summary Last Updated
oVirt gerrit 67908 master MERGED osupdater: try restorecon on upgrades 2017-01-11 18:37:24 UTC
oVirt gerrit 70049 ovirt-4.1 MERGED osupdater: try restorecon on upgrades 2017-01-11 18:38:35 UTC
Red Hat Bugzilla 1359789 None None None Never

Internal Links: 1359789

Description cshao 2016-12-03 14:08:49 UTC
Created attachment 1227674 [details]
/var/log; /tmp; sosreport

Description of problem:
[RHVH 4.0.6] avc denied errors (dev="tmpfs") in audit.log after upgrade

# imgbase layout
rhvh-4.0-0.20161116.0
 +- rhvh-4.0-0.20161116.0+1
rhvh-4.0-0.20161130.0
 +- rhvh-4.0-0.20161130.0+1


Version-Release number of selected component (if applicable):
redhat-virtualization-host-4.0-20161116.1
imgbased-0.8.10-0.1.el7ev.noarch

redhat-virtualization-host-4.0-20161130.0
imgbased-0.8.10-0.1.el7ev.noarch


How reproducible:
100%

Steps to Reproduce:
1. Install redhat-virtualization-host-4.0-20161116.1 via interactive anaconda.
2. Login RHVH and setup local repos
3. Upgrade RHVH from the old version to redhat-virtualization-host-4.0-20161130.0
4. Reboot and login the new build.
5. grep "avc:  denied" /var/log/audit/audit.log

Actual results:
After step5, avc denied errors (dev="tmpfs") in audit.log after upgrade

grep "avc:  denied" /var/log/audit/audit.log
type=AVC msg=audit(1480665183.943:621): avc:  denied  { write } for  pid=21818 comm="rpc.statd" path="/run/rpc.statd.lock" dev="tmpfs" ino=51145 scontext=system_u:system_r:rpcd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file



Expected results:
No avc denied errors in audit.log.

Additional info:
No such issue on clean RHVH(no update) 4.0.6 build.

Comment 1 Fabian Deutsch 2016-12-04 21:09:47 UTC
Does this denial also appear on RHEL-H?

Comment 2 cshao 2016-12-05 08:43:54 UTC
(In reply to Fabian Deutsch from comment #1)
> Does this denial also appear on RHEL-H?

No such issue on RHEL-H.

Comment 3 Ryan Barry 2016-12-06 16:08:43 UTC
I can't reproduce this. Were any additional steps taken?

Comment 4 Ryan Barry 2016-12-06 18:53:15 UTC
I threw a patch at this, but I can't verify this without a reproducer.

Comment 5 cshao 2016-12-07 08:35:03 UTC
(In reply to Ryan Barry from comment #3)
> I can't reproduce this. Were any additional steps taken?

Hi Ryan, 

After double check, the registration step is must.

Let me correct the steps.
1. Install redhat-virtualization-host-4.0-20161116.1 via interactive anaconda.
2. Register RHVH to RHVM.
2. Login RHVH and setup local repos
3. Upgrade RHVH from the old version to redhat-virtualization-host-4.0-20161130.0
4. Reboot and login the new build.
5. grep "avc:  denied" /var/log/audit/audit.log

Comment 6 Ryan Barry 2016-12-07 20:16:18 UTC
I'm still not able to reproduce this. I'll put up a test build later today for QE verification.

Steps taken:

1. Install redhat-virtualization-host-4.0-20161116.1 via interactive anaconda.
2. Register RHVH to RHVM.
3. Login RHVH and setup local repos
4. Upgrade RHVH from the old version to redhat-virtualization-host-4.0-20161130.0
5. Reboot and login the new build.
6. grep "avc:  denied" /var/log/audit/audit.log

No messages.

I waited about 60 minutes before commenting here just to make sure nothing came up.

Were any other steps taken? Attaching to storage? Setting up networks? Adding VMs?

Comment 8 Fabian Deutsch 2016-12-13 09:50:33 UTC
Is any NFS functionality impacted? Could you please test a simple flow with a NFS SD?

Comment 9 cshao 2016-12-13 11:23:19 UTC
(In reply to Fabian Deutsch from comment #8)
> Is any NFS functionality impacted? Could you please test a simple flow with
> a NFS SD?

It seems no effect during my testing.

After two days testing, I can't reproduce this issue anymore.

Test scenarios 1:
1. Install RHVH old version.
2. Register RHVH to RHVM.
3. Attaching to storage
4. Adding VMs
5. Yum update to the latest RHVH.

Test result:
Pass without AVC error.


Test scenarios 2:
1. Install RHVH old version.
2. Yum update to the latest RHVH.
3. Register RHVH to RHVM.
4. Attaching to storage
5. Adding VMs

Test result:
Pass without AVC error.


Test scenarios 3:
1. Install RHVH old version.
2. Register RHVH to RHVM.
3. Attaching to storage
4. Adding VMs
5. Upgrade to the latest RHVH via RHVM.

Test result:
Pass without AVC error.


Test scenarios 4:
Repeat scenario 3 with bond+vlan env.

Test result:
Pass without AVC error.

Comment 10 Fabian Deutsch 2016-12-13 13:03:19 UTC
Moving this out for now according to comment 9

Comment 11 Ying Cui 2017-01-16 14:32:08 UTC
chen, could you take a look at this bug if we can not reproduce this bug on latest 4.0.z build and 4.1 build, we probably consider to close it.

Comment 12 cshao 2017-01-18 11:08:18 UTC
(In reply to Ying Cui from comment #11)
> chen, could you take a look at this bug if we can not reproduce this bug on
> latest 4.0.z build and 4.1 build, we probably consider to close it.


After repeated testing, the bug can't be reproduce anymore on latest 4.0.z(redhat-virtualization-host-4.0-20170104.1 ) build and 4.1(redhat-virtualization-host-4.1-20160116.0) build.

So close this bug as WORKSFORME.

Fell free to re-open this bug if can reproduce it again in the future.


Note You need to log in before you can comment on or make changes to this bug.