Updating or installing PCP (Performance Co-Pilot) may cause lots of AVC denials
Issue
When installing or updating the pcp (Performance Co-Pilot) package, the install/update process may generate lots of SELinux AVC denials, similar to the following:
type=AVC msg=audit(1558891535.522:72): avc: denied { read } for pid=6050 comm="pmdakvm" name="kvm" dev="debugfs" ino=28939 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:debugfs_t:s0 tcla
ss=dir permissive=1
type=AVC msg=audit(1558891535.522:73): avc: denied { read } for pid=6050 comm="pmdakvm" name="id" dev="debugfs" ino=29234 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1558891535.522:73): avc: denied { open } for pid=6050 comm="pmdakvm" path="/sys/kernel/debug/tracing/events/kvm/kvm_exit/id" dev="debugfs" ino=29234 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1558891535.522:74): avc: denied { getattr } for pid=6050 comm="pmdakvm" path="/sys/kernel/debug/tracing/events/kvm/kvm_exit/id" dev="debugfs" ino=29234 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
(for more see Diagnostic Steps below)
After such update/installation, the behavior of PCP may be unpredictable and/or broken.
Environment
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.