https://bugzilla.redhat.com/show_bug.cgi?id=824921 (Red Hat Enterprise Linux 6)
Description of problem:
Upgrading an IPA server from RHEL 6.2 to IPA in RHEL 6.3, I see an AVC denial:

type=SYSCALL msg=audit(1337802927.926:980): arch=c000003e syscall=42 success=no exit=-13 a0=2a a1=7f2d4a2ba680 a2=1c a3=7f2d4a2ba400 items=0 ppid=1 pid=32113 auid=4294967295 uid=497 gid=495 euid=497 suid=497 fsuid=497 egid=495 sgid=495 fsgid=495 tty=(none) ses=4294967295 comm="java" exe="/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin/java" subj=unconfined_u:system_r:pki_ca_t:s0 key=(null)
type=AVC msg=audit(1337802927.926:980): avc: denied { name_connect } for pid=32113 comm="java" dest=49182 scontext=unconfined_u:system_r:pki_ca_t:s0 tcontext=system_u:object_r:virt_migration_port_t:s0 tclass=tcp_socket

Version-Release number of selected component (if applicable):
pki-ca-9.0.3-20.el6.noarch

How reproducible:
unknown

Steps to Reproduce:
1. <install rhel6.2 ipa server>
2. <point yum repos to rhel6.3 repo>
3. yum -y update 'ipa*'

Actual results:
May see above listed avc denial.

Expected results:
No AVC denials should be seen on a clean upgrade?

Additional info:
This has been found to be an issue with Tomcat or the JVM, not Dogtag. We can close this as invalid.
Metadata Update from @nkinder:
- Issue assigned to vakwetu
- Issue set to the milestone: 9.0.24
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/916
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.