Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1547

encountering selinux denial on ppc64le during attempted write by lscpu during rhsmcertd process

XMLWordPrintable

    • selinux-policy-38.1.24-1.el9
    • None
    • Medium
    • sst_security_selinux
    • ssg_security
    • 8
    • None
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • Hide

      SELinux policy should NOT allow any processes running under rhsmcertd_t to write to the /dev/mem device. The write access should be dontaudit-ed.

      Show
      SELinux policy should NOT allow any processes running under rhsmcertd_t to write to the /dev/mem device. The write access should be dontaudit-ed.
    • Pass
    • Automated
    • If docs needed, set a value
    • None

      Description of problem:
      During the course of automated testing of subscription-manager on ppc64le, the following selinux denials have been appearing regularly...

      Here is the denials in /var/log/audit.log...

      type=AVC msg=audit(1689950723.971:7026): avc: denied

      { write } for pid=47447 comm="lscpu" name="mem" dev="devtmpfs" ino=3 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file permissive=0
      type=AVC msg=audit(1689950724.041:7027): avc: denied { write }

      for pid=47520 comm="lscpu" name="mem" dev="devtmpfs" ino=3 scontext=system_u:system_r:rhsmcertd_t:s0 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file permissive=0

      Here is the tail of /var/log/rhsm/rhsm.log corresponding to the time of the denials above...

      2023-07-21 10:45:25,005 [DEBUG] rhsmcertd-worker:47327:MainThread @lock.py:226 - Unlocking file /run/rhsm/cert.pid
      2023-07-21 10:45:25,005 [DEBUG] rhsmcertd-worker:47327:MainThread @base_action_client.py:82 - running lib: <subscription_manager.installedproductslib.InstalledProductsActionInvoker object at 0x7fffa0fc8340>
      2023-07-21 10:45:25,005 [DEBUG] rhsmcertd-worker:47327:MainThread @lock.py:181 - Locking file: /run/rhsm/cert.pid
      2023-07-21 10:45:25,005 [DEBUG] rhsmcertd-worker:47327:MainThread @cache.py:187 - Checking current system info against cache: /var/lib/rhsm/cache/installed_products.json
      2023-07-21 10:45:25,005 [DEBUG] rhsmcertd-worker:47327:MainThread @cache.py:205 - No changes.
      2023-07-21 10:45:25,005 [DEBUG] rhsmcertd-worker:47327:MainThread @lock.py:226 - Unlocking file /run/rhsm/cert.pid
      2023-07-21 10:45:25,006 [DEBUG] rhsmcertd-worker:47327:MainThread @base_action_client.py:82 - running lib: <subscription_manager.syspurposelib.SyspurposeSyncActionInvoker object at 0x7fffa0fc84c0>
      2023-07-21 10:45:25,006 [DEBUG] rhsmcertd-worker:47327:MainThread @lock.py:181 - Locking file: /run/rhsm/cert.pid
      2023-07-21 10:45:25,006 [DEBUG] rhsmcertd-worker:47327:MainThread @files.py:390 - Successfully read cached syspurpose contents.
      2023-07-21 10:45:25,006 [DEBUG] rhsmcertd-worker:47327:MainThread @files.py:290 - Attempting to sync syspurpose content...
      2023-07-21 10:45:25,006 [DEBUG] rhsmcertd-worker:47327:MainThread @connection.py:1116 - Making request: GET /subscription/consumers/d2154a89-29e9-47d8-8f6b-574523b30679
      2023-07-21 10:45:25,007 [DEBUG] rhsmcertd-worker:47327:MainThread @connection.py:755 - Creating new connection
      2023-07-21 10:45:25,009 [DEBUG] rhsmcertd-worker:47327:MainThread @connection.py:725 - Loaded CA certificates from /etc/rhsm/ca/: redhat-entitlement-authority.pem, redhat-uep.pem
      2023-07-21 10:45:25,047 [DEBUG] rhsmcertd-worker:47327:MainThread @connection.py:820 - Created connection: <ssl.SSLSocket fd=5, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('10.0.2.181', 52774), raddr=('10.2.77.208', 443)>
      2023-07-21 10:45:25,121 [DEBUG] rhsmcertd-worker:47327:MainThread @connection.py:1196 - Response time: 0.000141143798828125, Smoothed response time: 0.00016839908719062805
      2023-07-21 10:45:25,121 [DEBUG] rhsmcertd-worker:47327:MainThread @connection.py:1150 - Response: status=200, requestUuid=613990c5-3f32-4144-bb8b-775981c3eb6e, request="GET /subscription/consumers/d2154a89-29e9-47d8-8f6b-574523b30679"
      2023-07-21 10:45:25,121 [DEBUG] rhsmcertd-worker:47327:MainThread @connection.py:1156 - Server wants to close connection. Closing HTTP connection
      2023-07-21 10:45:25,122 [DEBUG] rhsmcertd-worker:47327:MainThread @files.py:379 - Successfully read remote syspurpose from server.
      2023-07-21 10:45:25,122 [DEBUG] rhsmcertd-worker:47327:MainThread @files.py:390 - Successfully read cached syspurpose contents.
      2023-07-21 10:45:25,122 [DEBUG] rhsmcertd-worker:47327:MainThread @files.py:699 - Attempting a three-way merge...
      2023-07-21 10:45:25,123 [DEBUG] rhsmcertd-worker:47327:MainThread @files.py:651 - Successfully updated syspurpose values at '/etc/rhsm/syspurpose/syspurpose.json'.
      2023-07-21 10:45:25,123 [DEBUG] rhsmcertd-worker:47327:MainThread @files.py:652 - Failed to update syspurpose values at '/etc/rhsm/syspurpose/syspurpose.json'.
      2023-07-21 10:45:25,123 [DEBUG] rhsmcertd-worker:47327:MainThread @files.py:651 - Successfully updated syspurpose values at '/var/lib/rhsm/cache/syspurpose.json'.
      2023-07-21 10:45:25,123 [DEBUG] rhsmcertd-worker:47327:MainThread @files.py:652 - Failed to update syspurpose values at '/var/lib/rhsm/cache/syspurpose.json'.
      2023-07-21 10:45:25,123 [DEBUG] rhsmcertd-worker:47327:MainThread @files.py:316 - Successfully synced system purpose.
      2023-07-21 10:45:25,123 [DEBUG] rhsmcertd-worker:47327:MainThread @syspurposelib.py:282 - Syspurpose updated: Syspurpose Sync
      status: None
      updates:
      exceptions:

      2023-07-21 10:45:25,123 [DEBUG] rhsmcertd-worker:47327:MainThread @lock.py:226 - Unlocking file /run/rhsm/cert.pid
      2023-07-21 10:45:25,124 [DEBUG] rhsmcertd-worker:47327:MainThread @lock.py:226 - Unlocking file /run/rhsm/cert.pid
      2023-07-21 10:45:25,473 [DEBUG] rhsmcertd-worker:47592:MainThread @rhsmcertd_worker.py:179 - X-Correlation-ID: 41195c07196a4d62bd7f0c17943f0b33
      2023-07-21 10:45:25,473 [DEBUG] rhsmcertd-worker:47592:MainThread @rhsmcertd_worker.py:183 - check for rhsmcertd disable
      2023-07-21 10:45:25,475 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:238 - Environment variable NO_PROXY= will be used
      2023-07-21 10:45:25,475 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:622 - Creating new BaseRestLib instance
      2023-07-21 10:45:25,475 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:364 - Connection built: host=subscription.rhsm.stage.redhat.com port=443 handler=/subscription auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False
      2023-07-21 10:45:25,475 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1116 - Making request: GET /subscription/
      2023-07-21 10:45:25,475 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:755 - Creating new connection
      2023-07-21 10:45:25,479 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:725 - Loaded CA certificates from /etc/rhsm/ca/: redhat-entitlement-authority.pem, redhat-uep.pem
      2023-07-21 10:45:25,517 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:820 - Created connection: <ssl.SSLSocket fd=5, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('10.0.2.181', 52782), raddr=('10.2.77.208', 443)>
      2023-07-21 10:45:25,542 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1196 - Response time: 0.000118255615234375, Smoothed response time: 0.000118255615234375
      2023-07-21 10:45:25,542 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1150 - Response: status=200, requestUuid=5366aa11-2447-44a7-86c0-702c76bc82fc, request="GET /subscription/"
      2023-07-21 10:45:25,542 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1156 - Server wants to close connection. Closing HTTP connection
      2023-07-21 10:45:25,543 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1405 - Server supports the following resources: {'entitlements': '/entitlements', '': '', 'subscriptions': '/subscriptions', 'roles': '/roles', 'jobs': '/jobs', 'activation_keys': '/activation_keys', 'admin': '/admin', 'pools': '/pools', 'rules': '/rules', 'owners': '/owners', 'cdn': '/cdn', 'content_overrides': '/consumers/

      {consumer_uuid}/content_overrides', '{owner}': '/hypervisors/{owner}', 'users': '/users', 'content': '/content', 'products': '/products', 'consumertypes': '/consumertypes', 'consumers': '/consumers', 'deleted_consumers': '/deleted_consumers', 'distributor_versions': '/distributor_versions', 'crl': '/crl', '{id}': '/serials/{id}', 'status': '/status', 'packages': '/consumers/{consumer_uuid}

      /packages'}
      2023-07-21 10:45:25,543 [DEBUG] rhsmcertd-worker:47592:MainThread @lock.py:181 - Locking file: /run/rhsm/cert.pid
      2023-07-21 10:45:25,543 [DEBUG] rhsmcertd-worker:47592:MainThread @base_action_client.py:82 - running lib: <subscription_manager.installedproductslib.InstalledProductsActionInvoker object at 0x7fffac398130>
      2023-07-21 10:45:25,543 [DEBUG] rhsmcertd-worker:47592:MainThread @lock.py:181 - Locking file: /run/rhsm/cert.pid
      2023-07-21 10:45:25,545 [DEBUG] rhsmcertd-worker:47592:MainThread @identity.py:142 - Loading consumer info from identity certificates.
      2023-07-21 10:45:25,546 [DEBUG] rhsmcertd-worker:47592:MainThread @cache.py:187 - Checking current system info against cache: /var/lib/rhsm/cache/installed_products.json
      2023-07-21 10:45:25,546 [DEBUG] rhsmcertd-worker:47592:MainThread @cache.py:205 - No changes.
      2023-07-21 10:45:25,546 [DEBUG] rhsmcertd-worker:47592:MainThread @lock.py:226 - Unlocking file /run/rhsm/cert.pid
      2023-07-21 10:45:25,546 [DEBUG] rhsmcertd-worker:47592:MainThread @base_action_client.py:82 - running lib: <subscription_manager.syspurposelib.SyspurposeSyncActionInvoker object at 0x7fffac3985e0>
      2023-07-21 10:45:25,546 [DEBUG] rhsmcertd-worker:47592:MainThread @lock.py:181 - Locking file: /run/rhsm/cert.pid
      2023-07-21 10:45:25,546 [DEBUG] rhsmcertd-worker:47592:MainThread @files.py:390 - Successfully read cached syspurpose contents.
      2023-07-21 10:45:25,546 [DEBUG] rhsmcertd-worker:47592:MainThread @files.py:290 - Attempting to sync syspurpose content...
      2023-07-21 10:45:25,547 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1116 - Making request: GET /subscription/status
      2023-07-21 10:45:25,547 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:755 - Creating new connection
      2023-07-21 10:45:25,549 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:725 - Loaded CA certificates from /etc/rhsm/ca/: redhat-entitlement-authority.pem, redhat-uep.pem
      2023-07-21 10:45:25,589 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:820 - Created connection: <ssl.SSLSocket fd=5, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('10.0.2.181', 52788), raddr=('10.2.77.208', 443)>
      2023-07-21 10:45:25,615 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1196 - Response time: 0.00011038780212402344, Smoothed response time: 0.00011746883392333985
      2023-07-21 10:45:25,615 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1150 - Response: status=200, requestUuid=069bfd1f-647f-45e9-90b4-2c3f35fa7230, request="GET /subscription/status"
      2023-07-21 10:45:25,615 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1156 - Server wants to close connection. Closing HTTP connection
      2023-07-21 10:45:25,615 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1449 - Server has the following capabilities: ['keycloak_auth', 'cloud_registration', 'instance_multiplier', 'derived_product', 'vcpu', 'cert_v3', 'hypervisors_heartbeat', 'remove_by_pool_id', 'syspurpose', 'storage_band', 'device_auth', 'cores', 'ssl_verify_status', 'multi_environment', 'hypervisors_async', 'org_level_content_access', 'guest_limit', 'ram', 'batch_bind', 'combined_reporting']
      2023-07-21 10:45:25,616 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1116 - Making request: GET /subscription/consumers/d2154a89-29e9-47d8-8f6b-574523b30679
      2023-07-21 10:45:25,616 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:755 - Creating new connection
      2023-07-21 10:45:25,618 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:725 - Loaded CA certificates from /etc/rhsm/ca/: redhat-entitlement-authority.pem, redhat-uep.pem
      2023-07-21 10:45:25,657 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:820 - Created connection: <ssl.SSLSocket fd=5, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('10.0.2.181', 52794), raddr=('10.2.77.208', 443)>
      2023-07-21 10:45:25,727 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1196 - Response time: 0.000110626220703125, Smoothed response time: 0.00011678457260131837
      2023-07-21 10:45:25,728 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1150 - Response: status=200, requestUuid=fa8164d3-d4b1-4e86-b710-74fd1c28c28f, request="GET /subscription/consumers/d2154a89-29e9-47d8-8f6b-574523b30679"
      2023-07-21 10:45:25,728 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1156 - Server wants to close connection. Closing HTTP connection
      2023-07-21 10:45:25,728 [DEBUG] rhsmcertd-worker:47592:MainThread @files.py:379 - Successfully read remote syspurpose from server.
      2023-07-21 10:45:25,728 [DEBUG] rhsmcertd-worker:47592:MainThread @files.py:390 - Successfully read cached syspurpose contents.
      2023-07-21 10:45:25,728 [DEBUG] rhsmcertd-worker:47592:MainThread @files.py:699 - Attempting a three-way merge...
      2023-07-21 10:45:25,729 [DEBUG] rhsmcertd-worker:47592:MainThread @files.py:651 - Successfully updated syspurpose values at '/etc/rhsm/syspurpose/syspurpose.json'.
      2023-07-21 10:45:25,729 [DEBUG] rhsmcertd-worker:47592:MainThread @files.py:652 - Failed to update syspurpose values at '/etc/rhsm/syspurpose/syspurpose.json'.
      2023-07-21 10:45:25,729 [DEBUG] rhsmcertd-worker:47592:MainThread @files.py:651 - Successfully updated syspurpose values at '/var/lib/rhsm/cache/syspurpose.json'.
      2023-07-21 10:45:25,729 [DEBUG] rhsmcertd-worker:47592:MainThread @files.py:652 - Failed to update syspurpose values at '/var/lib/rhsm/cache/syspurpose.json'.
      2023-07-21 10:45:25,729 [DEBUG] rhsmcertd-worker:47592:MainThread @files.py:316 - Successfully synced system purpose.
      2023-07-21 10:45:25,729 [DEBUG] rhsmcertd-worker:47592:MainThread @syspurposelib.py:282 - Syspurpose updated: Syspurpose Sync
      status: None
      updates:
      exceptions:

      2023-07-21 10:45:25,729 [DEBUG] rhsmcertd-worker:47592:MainThread @lock.py:226 - Unlocking file /run/rhsm/cert.pid
      2023-07-21 10:45:25,730 [DEBUG] rhsmcertd-worker:47592:MainThread @base_action_client.py:82 - running lib: <subscription_manager.healinglib.HealingActionInvoker object at 0x7fffac3982e0>
      2023-07-21 10:45:25,730 [DEBUG] rhsmcertd-worker:47592:MainThread @lock.py:181 - Locking file: /run/rhsm/cert.pid
      2023-07-21 10:45:25,730 [DEBUG] rhsmcertd-worker:47592:MainThread @plugins.py:592 - loaded plugin modules: []
      2023-07-21 10:45:25,730 [DEBUG] rhsmcertd-worker:47592:MainThread @plugins.py:593 - loaded plugins: {}
      2023-07-21 10:45:25,730 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1116 - Making request: GET /subscription/consumers/d2154a89-29e9-47d8-8f6b-574523b30679
      2023-07-21 10:45:25,731 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:755 - Creating new connection
      2023-07-21 10:45:25,733 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:725 - Loaded CA certificates from /etc/rhsm/ca/: redhat-entitlement-authority.pem, redhat-uep.pem
      2023-07-21 10:45:25,772 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:820 - Created connection: <ssl.SSLSocket fd=5, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('10.0.2.181', 52808), raddr=('10.2.77.208', 443)>
      2023-07-21 10:45:25,850 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1196 - Response time: 0.00012302398681640625, Smoothed response time: 0.00011740851402282715
      2023-07-21 10:45:25,850 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1150 - Response: status=200, requestUuid=acf90f1d-29f9-44d9-a669-229a71fb35ad, request="GET /subscription/consumers/d2154a89-29e9-47d8-8f6b-574523b30679"
      2023-07-21 10:45:25,850 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1156 - Server wants to close connection. Closing HTTP connection
      2023-07-21 10:45:25,851 [WARNING] rhsmcertd-worker:47592:MainThread @healinglib.py:86 - Auto-heal disabled on server, skipping.
      2023-07-21 10:45:25,851 [DEBUG] rhsmcertd-worker:47592:MainThread @lock.py:226 - Unlocking file /run/rhsm/cert.pid
      2023-07-21 10:45:25,851 [DEBUG] rhsmcertd-worker:47592:MainThread @base_action_client.py:82 - running lib: <subscription_manager.entcertlib.EntCertActionInvoker object at 0x7fffac400f10>
      2023-07-21 10:45:25,851 [DEBUG] rhsmcertd-worker:47592:MainThread @lock.py:181 - Locking file: /run/rhsm/cert.pid
      2023-07-21 10:45:25,852 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1116 - Making request: GET /subscription/consumers/d2154a89-29e9-47d8-8f6b-574523b30679/certificates/serials
      2023-07-21 10:45:25,852 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:755 - Creating new connection
      2023-07-21 10:45:25,854 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:725 - Loaded CA certificates from /etc/rhsm/ca/: redhat-entitlement-authority.pem, redhat-uep.pem
      2023-07-21 10:45:25,891 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:820 - Created connection: <ssl.SSLSocket fd=5, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=6, laddr=('10.0.2.181', 52814), raddr=('10.2.77.208', 443)>
      2023-07-21 10:45:25,953 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1196 - Response time: 0.00012183189392089844, Smoothed response time: 0.00011785085201263428
      2023-07-21 10:45:25,953 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1150 - Response: status=200, requestUuid=5a3481c3-64c5-4e4f-8775-42fa507a8fb2, request="GET /subscription/consumers/d2154a89-29e9-47d8-8f6b-574523b30679/certificates/serials"
      2023-07-21 10:45:25,953 [DEBUG] rhsmcertd-worker:47592:MainThread @connection.py:1156 - Server wants to close connection. Closing HTTP connection
      2023-07-21 10:45:25,953 [INFO] rhsmcertd-worker:47592:MainThread @entcertlib.py:107 - certs updated:
      Total updates: 0
      Found (local) serial# []
      Expected (UEP) serial# []
      Added (new)
      <NONE>
      Deleted (rogue):
      <NONE>
      2023-07-21 10:45:25,954 [DEBUG] rhsmcertd-worker:47592:MainThread @lock.py:226 - Unlocking file /run/rhsm/cert.pid
      2023-07-21 10:45:25,954 [DEBUG] rhsmcertd-worker:47592:MainThread @lock.py:226 - Unlocking file /run/rhsm/cert.pid

      Here is the tail of /var/log/rhsm/rhsmcertd.log corresponding to the time of the denials above...

      Fri Jul 21 10:45:23 2023 [DEBUG] (Cert check) executing: /usr/libexec/rhsmcertd-worker
      Fri Jul 21 10:45:25 2023 [INFO] (Cert Check) Certificates updated.
      Fri Jul 21 10:45:25 2023 [DEBUG] (Auto-attach) executing: /usr/libexec/rhsmcertd-worker --autoheal
      Fri Jul 21 10:45:25 2023 [INFO] (Auto-attach) Certificates updated.

      Version-Release number of selected component (if applicable):
      [root@ibm-p9z-25-lp6 ~]# rpm -q subscription-manager selinux-policy
      subscription-manager-1.29.35-1.el9.ppc64le
      selinux-policy-38.1.17-1.el9.noarch

      How reproducible:

      Steps to Reproduce:
      The automated IdentityTests.testIdentityIsBackedUpWhenConsumerIsDeletedServerSide(...) repeatedly produces this selinux denial.

      Actual results:
      selinux denials above

      Expected results:
      no selinux denials

      Additional info:

            nknazeko Nikola Kňažeková (Inactive)
            jsefler John Sefler
            Nikola Kňažeková Nikola Kňažeková (Inactive)
            Milos Malik Milos Malik
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: