Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SELinux denies getattr and read on /run/modprobe.d/fips.conf #6744

Open
martinpitt opened this issue Aug 16, 2024 · 2 comments
Open

SELinux denies getattr and read on /run/modprobe.d/fips.conf #6744

martinpitt opened this issue Aug 16, 2024 · 2 comments
Labels
knownissue

Comments

@martinpitt
Copy link
Member

Downstream report: https://issues.redhat.com/browse/RHEL-54591
martinpitt added a commit to martinpitt/bots that referenced this issue Aug 16, 2024
@martinpitt
naughty: Add pattern for SELinux FIPS policy regression
1f11543 
Downstream report: https://issues.redhat.com/browse/RHEL-54591
Known issue cockpit-project#6744
martinpitt added a commit that referenced this issue Aug 19, 2024
@martinpitt
naughty: Add pattern for SELinux FIPS policy regression
50de822 
Downstream report: https://issues.redhat.com/browse/RHEL-54591
Known issue #6744
allisonkarlitskaya pushed a commit that referenced this issue Sep 8, 2024
naughty: Close 6744: SELinux denies getattr and read on /run/modprobe…
35a70a0 
….d/fips.conf

Known issue which has not occurred in 22 days

SELinux denies getattr and read on /run/modprobe.d/fips.conf

Fixes #6744
@github-actions github-actions bot mentioned this issue Sep 8, 2024
Closed
allisonkarlitskaya pushed a commit that referenced this issue Sep 8, 2024
naughty: Close 6744: SELinux denies getattr and read on /run/modprobe…
18486fb 
….d/fips.conf

Known issue which has not occurred in 22 days

SELinux denies getattr and read on /run/modprobe.d/fips.conf

Fixes #6744

Closes #6839
@cockpituous
Copy link
Contributor

rhel-10-0
Ooops, it happened again

# ----------------------------------------------------------------------
# testInconsistentCryptoPolicy (__main__.TestSystemInfo.testInconsistentCryptoPolicy)
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 42255
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
Warning: Using 'update-crypto-policies --set FIPS' is not sufficient for
         FIPS compliance.
         Use 'fips-mode-setup --enable' command instead.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
Connection to 127.0.0.2 closed by remote host.
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
Warning: Using 'update-crypto-policies --set FIPS' is not sufficient for
         FIPS compliance.
         Use 'fips-mode-setup --enable' command instead.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
audit: type=1400 audit(1726269218.638:4): avc:  denied  { getattr } for  pid=754 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=115 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1726269218.639:5): avc:  denied  { read } for  pid=754 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=115 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(09/13/24 18:49:18.160:45) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(09/13/24 18:49:18.160:45) : item=1 name=(null) inode=42106095 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(09/13/24 18:49:18.160:45) : item=0 name=(null) inode=25951129 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(09/13/24 18:49:18.160:45) : cwd=/
type=SYSCALL msg=audit(09/13/24 18:49:18.160:45) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7f06ac017da0 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=860 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(09/13/24 18:49:18.160:45) : avc:  denied  { create } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(09/13/24 18:49:18.160:45) : avc:  denied  { add_name } for  pid=860 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testInconsistentCryptoPolicy-rhel-10-0-127.0.0.2-2501-FAIL.js.log
Journal extracted to TestSystemInfo-testInconsistentCryptoPolicy-rhel-10-0-127.0.0.2-2501-FAIL.log.gz
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1905, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2165, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1726269218.638:4): avc:  denied  { getattr } for  pid=754 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=115 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testInconsistentCryptoPolicy (__main__.TestSystemInfo.testInconsistentCryptoPolicy) failed
# 1 TEST FAILED [184s on 6ee21836f80a]
not ok 84 test/verify/check-system-info TestSystemInfo.testInconsistentCryptoPolicy

First occurrence: 2024-09-13T23:15:40.729237+00:00 | revision b0648da
Times recorded: 1
Latest occurrences:

  • 2024-09-13T23:15:40.729237+00:00 | revision b0648da

@cockpituous
Copy link
Contributor

cockpituous commented Sep 13, 2024
edited
Loading

rhel-10-0
Ooops, it happened again

# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 34215
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
kex_exchange_identification: read: Connection reset by peer
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
Connection to 127.0.0.2 closed by remote host.
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
audit: type=1400 audit(1727254337.853:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1727254337.853:5): avc:  denied  { read } for  pid=842 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(09/21/24 18:47:54.258:58) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=1 name=(null) inode=8953108 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=0 name=(null) inode=17369066 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(09/21/24 18:47:54.258:58) : cwd=/
type=SYSCALL msg=audit(09/21/24 18:47:54.258:58) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7fa738016cf0 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=1103 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { create } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { add_name } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1905, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2168, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1727254337.853:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [241s on 390897a10ae0]
not ok 67 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-09-25T08:52:43.934783+00:00 | revision a432a79ac3eccb6ab6688d3aec339bf36cca067b
Times recorded: 1
Latest occurrences:

  • 2024-09-25T08:52:43.934783+00:00 | revision a432a79ac3eccb6ab6688d3aec339bf36cca067b
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 45635
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
audit: type=1400 audit(1727255777.119:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1727255777.119:5): avc:  denied  { read } for  pid=842 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(09/21/24 18:47:54.258:58) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=1 name=(null) inode=8953108 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=0 name=(null) inode=17369066 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(09/21/24 18:47:54.258:58) : cwd=/
type=SYSCALL msg=audit(09/21/24 18:47:54.258:58) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7fa738016cf0 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=1103 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { create } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { add_name } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2201-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2201-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1905, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2167, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1727255777.119:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [223s on 1a7b14c2c0d7]
not ok 47 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-09-25T09:16:32.787968+00:00 | revision c23b02a855569af79de83e2d2071e2fae3156373
Times recorded: 1
Latest occurrences:

  • 2024-09-25T09:16:32.787968+00:00 | revision c23b02a855569af79de83e2d2071e2fae3156373
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 54559
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
audit: type=1400 audit(1727262223.385:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1727262223.385:5): avc:  denied  { read } for  pid=842 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(09/21/24 18:47:54.258:58) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=1 name=(null) inode=8953108 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=0 name=(null) inode=17369066 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(09/21/24 18:47:54.258:58) : cwd=/
type=SYSCALL msg=audit(09/21/24 18:47:54.258:58) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7fa738016cf0 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=1103 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { create } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { add_name } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1905, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2167, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1727262223.385:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [239s on 1ad1d350baa2]
not ok 61 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-09-25T11:04:09.110974+00:00 | revision e42ea6fa33e4c29746bd798566501add9abbb9c4
Times recorded: 1
Latest occurrences:

  • 2024-09-25T11:04:09.110974+00:00 | revision e42ea6fa33e4c29746bd798566501add9abbb9c4
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 53955
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
kex_exchange_identification: read: Connection reset by peer
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
audit: type=1400 audit(1727362048.855:4): avc:  denied  { getattr } for  pid=840 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1727362048.878:5): avc:  denied  { read } for  pid=840 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(09/21/24 18:47:54.258:58) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=1 name=(null) inode=8953108 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=0 name=(null) inode=17369066 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(09/21/24 18:47:54.258:58) : cwd=/
type=SYSCALL msg=audit(09/21/24 18:47:54.258:58) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7fa738016cf0 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=1103 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { create } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { add_name } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2301-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2301-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1905, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2167, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1727362048.855:4): avc:  denied  { getattr } for  pid=840 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [251s on 9487bc4d7721]
not ok 61 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-09-26T14:47:49.751847+00:00 | revision 5a0c357eb5369aae9c9f2c71c5a223c9daf325c1
Times recorded: 1
Latest occurrences:

  • 2024-09-26T14:47:49.751847+00:00 | revision 5a0c357eb5369aae9c9f2c71c5a223c9daf325c1
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 50825
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
audit: type=1400 audit(1727366938.087:4): avc:  denied  { getattr } for  pid=843 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1727366938.087:5): avc:  denied  { read } for  pid=843 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(09/21/24 18:47:54.258:58) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=1 name=(null) inode=8953108 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=0 name=(null) inode=17369066 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(09/21/24 18:47:54.258:58) : cwd=/
type=SYSCALL msg=audit(09/21/24 18:47:54.258:58) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7fa738016cf0 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=1103 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { create } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { add_name } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2201-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2201-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1905, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2168, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1727366938.087:4): avc:  denied  { getattr } for  pid=843 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [217s on 0c78ede82a34]
not ok 83 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-09-26T16:09:14.392602+00:00 | revision 8cbaa22f7787ce118e15beb9cc336bbdc7450528
Times recorded: 1
Latest occurrences:

  • 2024-09-26T16:09:14.392602+00:00 | revision 8cbaa22f7787ce118e15beb9cc336bbdc7450528
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 34539
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
audit: type=1400 audit(1727414222.618:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1727414222.618:5): avc:  denied  { read } for  pid=842 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(09/21/24 18:47:54.258:58) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=1 name=(null) inode=8953108 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=0 name=(null) inode=17369066 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(09/21/24 18:47:54.258:58) : cwd=/
type=SYSCALL msg=audit(09/21/24 18:47:54.258:58) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7fa738016cf0 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=1103 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { create } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { add_name } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1905, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2168, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1727414222.618:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [233s on 0923644c6937]
not ok 83 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-09-27T05:17:19.586967+00:00 | revision 1ca735c9616a971592f60a729add1997c90ab5fd
Times recorded: 1
Latest occurrences:

  • 2024-09-27T05:17:19.586967+00:00 | revision 1ca735c9616a971592f60a729add1997c90ab5fd
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 53179
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
audit: type=1400 audit(1727416061.100:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1727416061.100:5): avc:  denied  { read } for  pid=842 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(09/21/24 18:47:54.258:58) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=1 name=(null) inode=8953108 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=0 name=(null) inode=17369066 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(09/21/24 18:47:54.258:58) : cwd=/
type=SYSCALL msg=audit(09/21/24 18:47:54.258:58) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7fa738016cf0 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=1103 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { create } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { add_name } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2201-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2201-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1905, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2168, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1727416061.100:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [233s on fe30b088e41c]
not ok 83 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-09-27T05:48:06.011204+00:00 | revision 5719a2c276ad797634ed67ab414c5b61a6294864
Times recorded: 1
Latest occurrences:

  • 2024-09-27T05:48:06.011204+00:00 | revision 5719a2c276ad797634ed67ab414c5b61a6294864
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 51333
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
audit: type=1400 audit(1727418860.604:4): avc:  denied  { getattr } for  pid=841 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1727418860.604:5): avc:  denied  { read } for  pid=841 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(09/21/24 18:47:54.258:58) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=1 name=(null) inode=8953108 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=0 name=(null) inode=17369066 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(09/21/24 18:47:54.258:58) : cwd=/
type=SYSCALL msg=audit(09/21/24 18:47:54.258:58) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7fa738016cf0 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=1103 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { create } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { add_name } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1905, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2167, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1727418860.604:4): avc:  denied  { getattr } for  pid=841 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [228s on 45122751bbad]
not ok 62 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-09-27T06:34:37.806859+00:00 | revision 244dd128030ebb06af8a5845cc7c11699c34ba87
Times recorded: 1
Latest occurrences:

  • 2024-09-27T06:34:37.806859+00:00 | revision 244dd128030ebb06af8a5845cc7c11699c34ba87
# ----------------------------------------------------------------------
# testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies)
Starting ChromeDriver 127.0.6533.99 (f31af5097d90ef5ae5bd7b8700199bc6189ba34d-refs/branch-heads/6533@{#1910}) on port 41179
Only local connections are allowed.
Please see https://chromedriver.chromium.org/security-considerations for suggestions on keeping ChromeDriver safe.
ChromeDriver was started successfully.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: transport closed: disconnected
Warning: Using 'update-crypto-policies --set' in FIPS mode will make the system
         non-compliant with FIPS.
         It can also break the ssh access to the system.
         Use 'fips-mode-setup --disable' to disable the system FIPS mode.
> warn: failed to poll tuned Object(4)
> warn: failed to poll tuned Object(4)
> warn: Resolving coreutils failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
> warn: cockpit.format_{bytes,bits}[_per_sec](..., GiB, [object Object]) is deprecated.
> warn: loading available updates failed: {"detail":"cannot update repo 'RHEL-BaseOS': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Curl error (6): Could not resolve hostname for http://download.devel.redhat.com/rhel-10/nightly/RHEL-10-Public-Beta/latest-RHEL-10.0/compose/BaseOS/x86_64/os/repodata/repomd.xml [Could not resolve host: download.devel.redhat.com]","code":64}
audit: type=1400 audit(1727446928.096:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
audit: type=1400 audit(1727446928.096:5): avc:  denied  { read } for  pid=842 comm="systemd-modules" name="fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
----
type=PROCTITLE msg=audit(09/21/24 18:47:54.258:58) : proctitle=/usr/sbin/virtqemud --timeout 120
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=1 name=(null) inode=8953108 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=CREATE cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=PATH msg=audit(09/21/24 18:47:54.258:58) : item=0 name=(null) inode=17369066 dev=fc:03 mode=dir,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:var_t:s0 nametype=PARENT cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 cap_frootid=0
type=CWD msg=audit(09/21/24 18:47:54.258:58) : cwd=/
type=SYSCALL msg=audit(09/21/24 18:47:54.258:58) : arch=x86_64 syscall=mkdir success=yes exit=0 a0=0x7fa738016cf0 a1=0777 a2=0x0 a3=0x0 items=2 ppid=1 pid=1103 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=daemon-init exe=/usr/sbin/virtqemud subj=system_u:system_r:virtqemud_t:s0 key=(null)
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { create } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(09/21/24 18:47:54.258:58) : avc:  denied  { add_name } for  pid=1103 comm=daemon-init name=libvirt scontext=system_u:system_r:virtqemud_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
Wrote JS log to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.js.log
Journal extracted to TestSystemInfo-testCryptoPolicies-rhel-10-0-127.0.0.2-2801-FAIL.log.gz
Traceback (most recent call last):
  File "/work/make-checkout-workdir/test/common/testlib.py", line 1905, in tearDown
    self.check_journal_messages()
  File "/work/make-checkout-workdir/test/common/testlib.py", line 2167, in check_journal_messages
    raise Error(UNEXPECTED_MESSAGE + "journal messages:\n" + first)
testlib.Error: FAIL: Test completed, but found unexpected journal messages:
audit: type=1400 audit(1727446928.096:4): avc:  denied  { getattr } for  pid=842 comm="systemd-modules" path="/run/modprobe.d/fips.conf" dev="tmpfs" ino=120 scontext=system_u:system_r:systemd_modules_load_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0

# Result testCryptoPolicies (__main__.TestSystemInfo.testCryptoPolicies) failed
# 1 TEST FAILED [242s on 025aff1597b6]
not ok 62 test/verify/check-system-info TestSystemInfo.testCryptoPolicies

First occurrence: 2024-09-27T14:22:32.426865+00:00 | revision f16216bb84314d0a2289691d4e1a068491142894
Times recorded: 1
Latest occurrences:

  • 2024-09-27T14:22:32.426865+00:00 | revision f16216bb84314d0a2289691d4e1a068491142894

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
knownissue
Projects
None yet
Milestone
No milestone
2 participants
@martinpitt @cockpituous