Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SELinux denies getattr and read on /run/modprobe.d/fips.conf #6744

Open
martinpitt opened this issue Aug 16, 2024 · 2 comments
Open

SELinux denies getattr and read on /run/modprobe.d/fips.conf #6744

martinpitt opened this issue Aug 16, 2024 · 2 comments
Labels
knownissue

Comments

@martinpitt
Copy link
Member

Downstream report: https://issues.redhat.com/browse/RHEL-54591
martinpitt added a commit to martinpitt/bots that referenced this issue Aug 16, 2024
@martinpitt
naughty: Add pattern for SELinux FIPS policy regression
1f11543 
Downstream report: https://issues.redhat.com/browse/RHEL-54591
Known issue cockpit-project#6744
martinpitt added a commit that referenced this issue Aug 19, 2024
@martinpitt
naughty: Add pattern for SELinux FIPS policy regression
50de822 
Downstream report: https://issues.redhat.com/browse/RHEL-54591
Known issue #6744
allisonkarlitskaya pushed a commit that referenced this issue Sep 8, 2024
naughty: Close 6744: SELinux denies getattr and read on /run/modprobe…
35a70a0 
….d/fips.conf

Known issue which has not occurred in 22 days

SELinux denies getattr and read on /run/modprobe.d/fips.conf

Fixes #6744
@github-actions github-actions bot mentioned this issue Sep 8, 2024
Closed
allisonkarlitskaya pushed a commit that referenced this issue Sep 8, 2024
naughty: Close 6744: SELinux denies getattr and read on /run/modprobe…
18486fb 
….d/fips.conf

Known issue which has not occurred in 22 days

SELinux denies getattr and read on /run/modprobe.d/fips.conf

Fixes #6744

Closes #6839
@cockpituous
Copy link
Contributor

rhel-10-0
Ooops, it happened again

# ----------------------------------------------------------------------
# testInconsistentCryptoPolicy (__main__.TestSystemInfo.testInconsistentCryptoPolicy)
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 42255
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
Warning: Using 'update-crypto-policies --set FIPS' is not sufficient for
         FIPS compliance.
         Use 'fips-mode-setup --enable' command instead.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
Connection to 127.0.0.2 closed by remote host.
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
Warning: Using 'update-crypto-policies --set FIPS' is not sufficient for
         FIPS compliance.
         Use 'fips-mode-setup --enable' command instead.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
audit: type=1400 audit(1726269218.638:4): avc:  denied  { getattr } for  pid=754 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=115 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1726269218.639:5): avc:  denied  { read } for  pid=754 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=115 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(09/13/24 18:49:18.160:45) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(09/13/24 18:49:18.160:45) : item=1 name=(null) inode=42106095 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(09/13/24 18:49:18.160:45) : item=0 name=(null) inode=25951129 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(09/13/24 18:49:18.160:45) : cwd=/
type=SYSCALL msg=audit(09/13/24 18:49:18.160:45) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7f06ac017da0 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=860 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(09/13/24 18:49:18.160:45) : avc:  denied  { create } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(09/13/24 18:49:18.160:45) : avc:  denied  { add_name } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testInconsistentCryptoPolicy-rhel-10-0-127.0.0.2-2501-FAIL.js.log
Journal extracted to TestSystemInfo-testInconsistentCryptoPolicy-rhel-10-0-127.0.0.2-2501-FAIL.log.gz
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1905, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2165, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1726269218.638:4): avc:  denied  { getattr } for  pid=754 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=115 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testInconsistentCryptoPolicy (__main__.TestSystemInfo.testInconsistentCryptoPolicy) failed
# 1 TEST FAILED [184s on 6ee21836f80a]
not ok 84 test/verify/check-system-info TestSystemInfo.testInconsistentCryptoPolicy

First occurrence: 2024-09-13T23:15:40.729237+00:00 | revision b0648da
Times recorded: 1
Latest occurrences:

  • 2024-09-13T23:15:40.729237+00:00 | revision b0648da

@cockpituous
Copy link
Contributor

cockpituous commented Sep 13, 2024
edited
Loading

rhel-10-0
Ooops, it happened again

# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 60355
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 60355.
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
Connection to 127.0.0.2 closed by remote host.
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
> info: failed to fetch lastlog2: Object(5)
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
audit: type=1400 audit(1731610839.030:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1731610839.030:5): avc:  denied  { read } for  pid=842 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(11/07/24 17:49:19.441:47) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=1 name=(null) inode=10323727 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=0 name=(null) inode=544958 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(11/07/24 17:49:19.441:47) : cwd=/
type=SYSCALL msg=audit(11/07/24 17:49:19.441:47) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7f8a70022090 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=860 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { create } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { add_name } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2401-FAIL.js.log
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2401-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1913, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2176, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1731610839.030:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [218s on acd2555bd2c3]
not ok 84 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-11-14T19:00:55.835212+00:00 | revision 2f57d739f04ab5ab9f906e45527adb0a8a2b2cd2
Times recorded: 1
Latest occurrences:

  • 2024-11-14T19:00:55.835212+00:00 | revision 2f57d739f04ab5ab9f906e45527adb0a8a2b2cd2
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 52291
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 52291.
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
Connection to 127.0.0.2 closed by remote host.
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
> info: failed to fetch lastlog2: Object(5)
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
audit: type=1400 audit(1731653169.975:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1731653169.975:5): avc:  denied  { read } for  pid=842 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(11/07/24 17:49:19.441:47) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=1 name=(null) inode=10323727 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=0 name=(null) inode=544958 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(11/07/24 17:49:19.441:47) : cwd=/
type=SYSCALL msg=audit(11/07/24 17:49:19.441:47) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7f8a70022090 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=860 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { create } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { add_name } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2601-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2601-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1913, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2176, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1731653169.975:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [238s on 9adc6a935ab9]
not ok 82 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-11-15T06:46:34.750759+00:00 | revision f86615aaa566994a2aa506b0453247d38aff35a4
Times recorded: 1
Latest occurrences:

  • 2024-11-15T06:46:34.750759+00:00 | revision f86615aaa566994a2aa506b0453247d38aff35a4
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 39805
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 39805.
> info: failed to fetch lastlog2: Object(5)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
audit: type=1400 audit(1731659058.391:4): avc:  denied  { getattr } for  pid=841 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1731659058.420:5): avc:  denied  { read } for  pid=841 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(11/07/24 17:49:19.441:47) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=1 name=(null) inode=10323727 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=0 name=(null) inode=544958 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(11/07/24 17:49:19.441:47) : cwd=/
type=SYSCALL msg=audit(11/07/24 17:49:19.441:47) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7f8a70022090 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=860 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { create } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { add_name } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2201-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2201-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1913, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2176, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1731659058.391:4): avc:  denied  { getattr } for  pid=841 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [223s on 9b426d3682b4]
not ok 80 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-11-15T08:24:33.607369+00:00 | revision 49c1e4ef8e1d8b9836a879adbe03bed08808bc26
Times recorded: 1
Latest occurrences:

  • 2024-11-15T08:24:33.607369+00:00 | revision 49c1e4ef8e1d8b9836a879adbe03bed08808bc26
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 34595
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 34595.
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
audit: type=1400 audit(1731660787.345:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1731660787.345:5): avc:  denied  { read } for  pid=842 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(11/07/24 17:49:19.441:47) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=1 name=(null) inode=10323727 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=0 name=(null) inode=544958 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(11/07/24 17:49:19.441:47) : cwd=/
type=SYSCALL msg=audit(11/07/24 17:49:19.441:47) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7f8a70022090 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=860 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { create } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { add_name } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1913, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2176, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1731660787.345:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [226s on 992c0b67f9bc]
not ok 84 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-11-15T08:53:23.149975+00:00 | revision 5fa6bed55763cd668c530bd9fef4f8b759202bb1
Times recorded: 1
Latest occurrences:

  • 2024-11-15T08:53:23.149975+00:00 | revision 5fa6bed55763cd668c530bd9fef4f8b759202bb1
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 54593
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 54593.
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
Connection to 127.0.0.2 closed by remote host.
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
audit: type=1400 audit(1731661743.573:4): avc:  denied  { getattr } for  pid=840 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1731661743.573:5): avc:  denied  { read } for  pid=840 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(11/07/24 17:49:19.441:47) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=1 name=(null) inode=10323727 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=0 name=(null) inode=544958 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(11/07/24 17:49:19.441:47) : cwd=/
type=SYSCALL msg=audit(11/07/24 17:49:19.441:47) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7f8a70022090 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=860 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { create } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { add_name } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2501-FAIL.js.log
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2501-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1913, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2176, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1731661743.573:4): avc:  denied  { getattr } for  pid=840 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [215s on 4ca3a748bc35]
not ok 78 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-11-15T09:09:19.187447+00:00 | revision f1a392550402bbea730f4c7ad86b9559cd84a43a
Times recorded: 1
Latest occurrences:

  • 2024-11-15T09:09:19.187447+00:00 | revision f1a392550402bbea730f4c7ad86b9559cd84a43a
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 37389
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 37389.
> info: failed to fetch lastlog2: Object(5)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
audit: type=1400 audit(1731663413.103:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1731663413.103:5): avc:  denied  { read } for  pid=842 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(11/07/24 17:49:19.441:47) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=1 name=(null) inode=10323727 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=0 name=(null) inode=544958 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(11/07/24 17:49:19.441:47) : cwd=/
type=SYSCALL msg=audit(11/07/24 17:49:19.441:47) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7f8a70022090 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=860 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { create } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { add_name } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2601-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2601-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1913, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2176, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1731663413.103:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [228s on 3df4f378bd50]
not ok 154 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-11-15T09:37:08.556025+00:00 | revision dc7a8b8f9ac1f6b2e5e08d92cafcb0d04e3d7b8c
Times recorded: 1
Latest occurrences:

  • 2024-11-15T09:37:08.556025+00:00 | revision dc7a8b8f9ac1f6b2e5e08d92cafcb0d04e3d7b8c
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 50195
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 50195.
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
audit: type=1400 audit(1731665438.041:4): avc:  denied  { getattr } for  pid=841 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1731665438.041:5): avc:  denied  { read } for  pid=841 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(11/07/24 17:49:19.441:47) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=1 name=(null) inode=10323727 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=0 name=(null) inode=544958 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(11/07/24 17:49:19.441:47) : cwd=/
type=SYSCALL msg=audit(11/07/24 17:49:19.441:47) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7f8a70022090 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=860 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { create } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { add_name } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-3001-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-3001-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1913, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2176, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1731665438.041:4): avc:  denied  { getattr } for  pid=841 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [222s on 3c2c56411484]
not ok 154 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-11-15T10:10:53.340257+00:00 | revision dae0b2f7c90dea2d1eefcc1c00b651ab882b7826
Times recorded: 1
Latest occurrences:

  • 2024-11-15T10:10:53.340257+00:00 | revision dae0b2f7c90dea2d1eefcc1c00b651ab882b7826
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 55085
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 55085.
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
Connection to 127.0.0.2 closed by remote host.
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
> info: failed to fetch lastlog2: Object(5)
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
audit: type=1400 audit(1731666562.499:4): avc:  denied  { getattr } for  pid=841 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1731666562.525:5): avc:  denied  { read } for  pid=841 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(11/07/24 17:49:19.441:47) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=1 name=(null) inode=10323727 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=0 name=(null) inode=544958 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(11/07/24 17:49:19.441:47) : cwd=/
type=SYSCALL msg=audit(11/07/24 17:49:19.441:47) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7f8a70022090 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=860 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { create } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { add_name } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2701-FAIL.js.log
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2701-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1927, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2190, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1731666562.499:4): avc:  denied  { getattr } for  pid=841 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [229s on 2ad7e93e7d5d]
not ok 79 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-11-15T10:29:46.566124+00:00 | revision 917f36465f4aac00d133e08abe57d3182c076c3c
Times recorded: 1
Latest occurrences:

  • 2024-11-15T10:29:46.566124+00:00 | revision 917f36465f4aac00d133e08abe57d3182c076c3c
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 129.0.6668.89 (951c0b97221f8d4ba37cf97d324505c832251cf9-refs/branch-heads/6668@{#1503}) on port 43341
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully on port 43341.
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
Connection to 127.0.0.2 closed by remote host.
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
> info: failed to fetch lastlog2: Object(5)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
audit: type=1400 audit(1731673147.347:4): avc:  denied  { getattr } for  pid=843 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1731673147.347:5): avc:  denied  { read } for  pid=843 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(11/07/24 17:49:19.441:47) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=1 name=(null) inode=10323727 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(11/07/24 17:49:19.441:47) : item=0 name=(null) inode=544958 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(11/07/24 17:49:19.441:47) : cwd=/
type=SYSCALL msg=audit(11/07/24 17:49:19.441:47) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7f8a70022090 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=860 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { create } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(11/07/24 17:49:19.441:47) : avc:  denied  { add_name } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-3001-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-3001-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1927, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2190, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1731673147.347:4): avc:  denied  { getattr } for  pid=843 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [220s on a8b218fb5228]
not ok 150 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-11-15T12:19:21.412738+00:00 | revision c6c1d4d7630ddc01f55c82ba5be14e8ee0a6dadb
Times recorded: 1
Latest occurrences:

  • 2024-11-15T12:19:21.412738+00:00 | revision c6c1d4d7630ddc01f55c82ba5be14e8ee0a6dadb

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
knownissue
Projects
None yet
Milestone
No milestone
2 participants
@martinpitt @cockpituous