Bug 1000624

Summary: can't start cluster with selinux set to enforcing
Product: Red Hat Enterprise Linux 6 Reporter: Corey Marthaler <cmarthal>
Component: clusterAssignee: Christine Caulfield <ccaulfie>
Status: CLOSED DUPLICATE QA Contact: Cluster QE <mspqa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.5CC: ccaulfie, cluster-maint, fdinitto, mgrepl, rpeterso, teigland
Target Milestone: rcKeywords: Reopened
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-27 08:13:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Corey Marthaler 2013-08-23 21:38:41 UTC 
Description of problem:
Is there a newer selinux policy that I need? 

[root@taft-01 ~]# getenforce
Enforcing
[root@taft-01 ~]# service cman start
Starting cluster: 
   Checking if cluster has been disabled at boot...        [  OK  ]
   Checking Network Manager...                             [  OK  ]
   Global setup...                                         [  OK  ]
   Loading kernel modules...                               [  OK  ]
   Mounting configfs...                                    [  OK  ]
   Starting cman...                                        [  OK  ]
   Waiting for quorum...                                   [  OK  ]
   Starting fenced...                                      [  OK  ]
   Starting dlm_controld...                                [  OK  ]
   Tuning DLM kernel config...                             [  OK  ]
   Starting gfs_controld...                                [  OK  ]
   Unfencing self... fence_node: cannot connect to cman
                                                           [FAILED]
Stopping cluster: 
   Leaving fence domain...                                 [  OK  ]
   Stopping gfs_controld...                                [  OK  ]
   Stopping dlm_controld...                                [  OK  ]
   Stopping fenced...                                      [  OK  ]
   Stopping cman... Timed-out waiting for cluster
                                                           [FAILED]


Aug 23 16:31:07 taft-01 fenced[2463]: fenced 3.0.12.1 started
Aug 23 16:31:07 taft-01 dlm_controld[2472]: dlm_controld 3.0.12.1 started
Aug 23 16:31:09 taft-01 fenced[2463]: cman_admin_init error 13
Aug 23 16:31:09 taft-01 dlm_controld[2472]: cman_admin_init error 13
Aug 23 16:31:17 taft-01 gfs_controld[2504]: gfs_controld 3.0.12.1 started
Aug 23 16:31:18 taft-01 gfs_controld[2504]: cman_admin_init error 13



type=SYSCALL msg=audit(1377293699.584:47): arch=c000003e syscall=42 success=no exit=-13 a0=9 a1=7fff2450ca40 a2=6e a3=60 items=0 ppid=1 pid=2618 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="dlm_controld" exe="/usr/sbin/dlm_controld" subj=unconfined_u:system_r:dlm_controld_t:s0 key=(null)
type=AVC msg=audit(1377293700.533:48): avc:  denied  { write } for  pid=2609 comm="fenced" name="cman_admin" dev=dm-0 ino=656773 scontext=unconfined_u:system_r:fenced_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1377293700.533:48): arch=c000003e syscall=42 success=no exit=-13 a0=a a1=7fff236dc760 a2=6e a3=60 items=0 ppid=1 pid=2609 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="fenced" exe="/usr/sbin/fenced" subj=unconfined_u:system_r:fenced_t:s0 key=(null)
type=AVC msg=audit(1377293700.584:49): avc:  denied  { write } for  pid=2618 comm="dlm_controld" name="cman_admin" dev=dm-0 ino=656773 scontext=unconfined_u:system_r:dlm_controld_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1377293700.584:49): arch=c000003e syscall=42 success=no exit=-13 a0=9 a1=7fff2450ca40 a2=6e a3=60 items=0 ppid=1 pid=2618 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="dlm_controld" exe="/usr/sbin/dlm_controld" subj=unconfined_u:system_r:dlm_controld_t:s0 key=(null)
type=AVC msg=audit(1377293708.680:50): avc:  denied  { write } for  pid=2650 comm="gfs_controld" name="cman_admin" dev=dm-0 ino=656773 scontext=unconfined_u:system_r:gfs_controld_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1377293708.680:50): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=7fff9c565fe0 a2=6e a3=7fff9c565d60 items=0 ppid=1 pid=2650 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="gfs_controld" exe="/usr/sbin/gfs_controld" subj=unconfined_u:system_r:gfs_controld_t:s0 key=(null)
type=AVC msg=audit(1377293708.710:51): avc:  denied  { write } for  pid=2663 comm="fence_node" name="cman_client" dev=dm-0 ino=656772 scontext=unconfined_u:system_r:fenced_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1377293708.710:51): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=7fff063a31b0 a2=6e a3=7fff063a2f30 items=0 ppid=2662 pid=2663 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="fence_node" exe="/usr/sbin/fence_node" subj=unconfined_u:system_r:fenced_t:s0 key=(null)
type=AVC msg=audit(1377293708.798:52): avc:  denied  { write } for  pid=2650 comm="gfs_controld" name="cman_admin" dev=dm-0 ino=656773 scontext=unconfined_u:system_r:gfs_controld_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1377293708.798:52): arch=c000003e syscall=42 success=no exit=-13 a0=9 a1=7fff9c565fe0 a2=6e a3=60 items=0 ppid=1 pid=2650 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="gfs_controld" exe="/usr/sbin/gfs_controld" subj=unconfined_u:system_r:gfs_controld_t:s0 key=(null)
type=AVC msg=audit(1377293709.064:53): avc:  denied  { write } for  pid=2650 comm="gfs_controld" name="cman_admin" dev=dm-0 ino=656773 scontext=unconfined_u:system_r:gfs_controld_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1377293709.064:53): arch=c000003e syscall=42 success=no exit=-13 a0=9 a1=7fff9c565fe0 a2=6e a3=60 items=0 ppid=1 pid=2650 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="gfs_controld" exe="/usr/sbin/gfs_controld" subj=unconfined_u:system_r:gfs_controld_t:s0 key=(null)


Version-Release number of selected component (if applicable):
corosync-1.4.1-17.el6.x86_64
cman-3.0.12.1-56.el6.x86_64
pacemaker-1.1.10-6.el6.x86_64
selinux-policy-3.7.19-211.el6.noarch
selinux-policy-targeted-3.7.19-211.el6.noarch


How reproducible:
Everytime
Comment 2 Fabio Massimo Di Nitto 2013-08-27 05:53:48 UTC 

*** This bug has been marked as a duplicate of bug 915151 ***
Comment 3 Miroslav Grepl 2013-08-27 08:13:04 UTC 

*** This bug has been marked as a duplicate of bug 997357 ***