search cancel

WA Agent activity results in extra logging by SElinux

book

Article ID: 254374

calendar_today

Updated On:

Products

Workload Automation Agent

Issue/Introduction

Is there a recommendation to reduce SELinux related messages in /var/log/messages?

The SELinux policies creates large logs for WA Agent activity.

SELinux is preventing /ESP_Agent/R11.5/cybspawn.bin 
from write access on the message queue labeled init_t.#012#012***** Plugin

Environment

Release : 11.5/R 12.x

OS : Linux

Cause

The SELinux policy may not allow logs to rotate.  It is also possible that audit logs are being sent to /var/log/messages.

See this link to enable log rotation and this link to control audit messages.  Note: These are non-Broadcom links, Broadcom is not responsible for content.

It is highly recommended to consult Linux admin to disable or route the SELinux message related to WA agent to some other place.

Resolution

I have checked the log snippet you provided.  The logging is due SELinux restriction/policy.  As I mentioned, agent has no control over that.  WA agent cannot bypass OS and SElinux restrictions.

 

This message here indicates that SELinux has policies that prevents agent from writing logs, this is probably job output.

SELinux is preventing /ESP_Agent/R11.5/cybspawn.bin 
from write access on the message queue labeled init_t.#012#012***** Plugin

----

You will need to check with your Linux admin to fix SElinux policy.