RHSC - collectd executing "/sbin/ethtool bonding_master" triggers SELinux alert

Solution In Progress - Updated -

Issue

  • on Ceph nodes with bond network device and enabled SELinux, collectd service triggers following SELinux alert
sudo[4781]: skyring-user : TTY=unknown ; PWD=/var/lib/collectd ; USER=root ; COMMAND=/sbin/ethtool bonding_masters
collectd[5786]: exec plugin: exec_read_one: error = sudo: unable to send audit message: Permission denied
sudo[4781]: PAM audit_log_acct_message() failed: Permission denied
collectd[5786]: exec plugin: exec_read_one: error = Cannot get device settings: No such device
type=AVC msg=audit(1493119958.656:199): avc:  denied  { module_request } for  pid=4782 comm="ethtool" kmod="netdev-bonding_masters" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system

Environment

  • Red Hat Storage Console 2

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content