Project: Openshift sandboxed containers
Issue: KATA-2116

kata-monitor pod hits SELinux denials


    • Type: Bug
    • Resolution: Done
    • Priority: High
    • Affects Version/s: OSC 1.4.0
    • Fix Version/s: OSC 1.4.0
    • Sprint: Kata Sprint #234

      Description

      The monitor pod is logging a failure every minute:

      time="2023-03-29T13:38:44.612082211Z" level=warning msg="cannot monitor /run/vc/sbs, retry in 60 sec." error="permission denied" name=kata-monitor pid=1 source=kata-monitor
      time="2023-03-29T13:39:44.612766433Z" level=warning msg="cannot monitor /run/vc/sbs, retry in 60 sec." error="permission denied" name=kata-monitor pid=1 source=kata-monitor
      time="2023-03-29T13:40:44.613944245Z" level=warning msg="cannot monitor /run/vc/sbs, retry in 60 sec." error="permission denied" name=kata-monitor pid=1 source=kata-monitor
      

      Matching SELinux denials are logged on the host:

      type=AVC msg=audit(1680097124.610:359): avc:  denied  { watch } for  pid=11960 comm="kata-monitor" path="/run/vc/sbs" dev="tmpfs" ino=4078 scontext=system_u:system_r:osc_monitor.process:s0:c862,c902 tcontext=system_u:object_r:container_var_run_t:s0 tclass=dir permissive=0
      type=AVC msg=audit(1680097184.611:360): avc:  denied  { watch } for  pid=11960 comm="kata-monitor" path="/run/vc/sbs" dev="tmpfs" ino=4078 scontext=system_u:system_r:osc_monitor.process:s0:c862,c902 tcontext=system_u:object_r:container_var_run_t:s0 tclass=dir permissive=0
      type=AVC msg=audit(1680097244.612:361): avc:  denied  { watch } for  pid=11960 comm="kata-monitor" path="/run/vc/sbs" dev="tmpfs" ino=4078 scontext=system_u:system_r:osc_monitor.process:s0:c862,c902 tcontext=system_u:object_r:container_var_run_t:s0 tclass=dir permissive=0
      

      Steps to reproduce

      1. Install OSC 1.4 on OCP 4.13
      2. Create a kataconfig
      3. Wait for a monitor pod to be running
      4. Look at the logs of that monitor and the audit logs on the host

      Expected result

      No errors.

      Actual result

      Errors mentioned in the description.

      Impact

      No metrics.

      Env

      OCP : 4.13.0-0.nightly-2023-03-23-000343
      OSC : quay.io/openshift_sandboxed_containers/openshift-sandboxed-containers-operator-catalog:1.4.0-40
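Triage helper, added here as an example and not part of the OSC operator or kata-monitor: it parses the two log excerpts above, pairs each pod warning with the host AVC denial logged within a second of it (audit epoch 1680097124.610 is 13:38:44.610Z, matching the first warning), and collapses the enforced denials into the SELinux access that is missing. The CIL `allow` output is an assumption about how such a rule could be written, not the fix the project shipped.

```python
"""Correlate kata-monitor 'permission denied' warnings with host AVC denials
and derive the SELinux access rule they imply.

Added example for KATA-2116; not code from the OSC project or kata-monitor.
Sample lines are copied from the issue. The CIL output format is an
assumption for illustration, not the project's actual policy change.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Sample input, taken verbatim from the issue (pod log and host audit log).
MONITOR_LOG = """\
time="2023-03-29T13:38:44.612082211Z" level=warning msg="cannot monitor /run/vc/sbs, retry in 60 sec." error="permission denied" name=kata-monitor pid=1 source=kata-monitor
time="2023-03-29T13:39:44.612766433Z" level=warning msg="cannot monitor /run/vc/sbs, retry in 60 sec." error="permission denied" name=kata-monitor pid=1 source=kata-monitor
"""
AUDIT_LOG = """\
type=AVC msg=audit(1680097124.610:359): avc:  denied  { watch } for  pid=11960 comm="kata-monitor" path="/run/vc/sbs" dev="tmpfs" ino=4078 scontext=system_u:system_r:osc_monitor.process:s0:c862,c902 tcontext=system_u:object_r:container_var_run_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1680097184.611:360): avc:  denied  { watch } for  pid=11960 comm="kata-monitor" path="/run/vc/sbs" dev="tmpfs" ino=4078 scontext=system_u:system_r:osc_monitor.process:s0:c862,c902 tcontext=system_u:object_r:container_var_run_t:s0 tclass=dir permissive=0
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC_RE = re.compile(
    r'msg=audit\((?P<ts>\d+\.\d+):\d+\):\s+avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)'
)


def _kv(text):
    """Split 'key=value key="quoted value"' text into a dict."""
    return {k: v.strip('"') for k, v in KV_RE.findall(text)}


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = _kv(m.group('rest'))
    # A context is user:role:type:level; policy rules are written against the type.
    return {
        'ts': float(m.group('ts')),
        'perms': m.group('perms').split(),
        'stype': f['scontext'].split(':')[2],
        'ttype': f['tcontext'].split(':')[2],
        'tclass': f['tclass'],
        'path': f.get('path'),
        'comm': f.get('comm'),
        # permissive=0 means the denial was enforced and really caused EACCES.
        'enforcing': f.get('permissive') == '0',
    }


def parse_monitor(line):
    """Return {ts, msg, error} for a logrus-style kata-monitor line, or None."""
    f = _kv(line)
    if 'time' not in f:
        return None
    # fromisoformat() accepts at most microseconds; trim the nanosecond field.
    head, _, frac = f['time'].rstrip('Z').partition('.')
    iso = f"{head}.{frac[:6]}" if frac else head
    dt = datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)
    return {'ts': dt.timestamp(), 'msg': f.get('msg', ''), 'error': f.get('error', '')}


def correlate(monitor_log, audit_log, tolerance=1.0):
    """Pair each 'permission denied' warning with enforced AVC denials within `tolerance` s."""
    denials = [d for d in (parse_avc(l) for l in audit_log.splitlines()) if d]
    pairs = []
    for line in monitor_log.splitlines():
        w = parse_monitor(line)
        if not w or w['error'] != 'permission denied':
            continue
        matches = [d for d in denials
                   if d['enforcing'] and abs(d['ts'] - w['ts']) <= tolerance]
        pairs.append((w, matches))
    return pairs


def needed_rules(denials):
    """Collapse denials into one CIL allow rule per (source type, target type, class).

    CIL syntax `(allow src tgt (class (perm ...)))` is used here as an
    illustration; it is an assumption, not the rule the project added.
    """
    perms = defaultdict(set)
    for d in denials:
        perms[(d['stype'], d['ttype'], d['tclass'])].update(d['perms'])
    return [f"(allow {s} {t} ({c} ({' '.join(sorted(p))})))"
            for (s, t, c), p in sorted(perms.items())]


if __name__ == "__main__":
    pairs = correlate(MONITOR_LOG, AUDIT_LOG)
    for w, ds in pairs:
        print(f"{w['msg']!r}: {len(ds)} matching enforced denial(s)")
    for rule in needed_rules([d for _, ds in pairs for d in ds]):
        print(rule)
```

The one-second tolerance is deliberate: the pod logs in UTC with nanoseconds while auditd stamps the epoch with milliseconds, so exact equality never matches. If the host had been switched to permissive mode (`permissive=1`), the AVC line would still appear but `correlate` would not pair it with a warning, since a non-enforced denial cannot produce a permission error.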

      Assignee: Greg Kurz (rhgkurz)
      Reporter: Greg Kurz (rhgkurz)
      Votes: 0
      Watchers: 4