Bug 1013372
Summary: | SELinux is preventing /usr/lib64/erlang/lib/couch-1.3.1/priv/couchjs from using the execmem access on a process. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Egon Kastelijn <redhat2> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, redhat2 |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-04-06 00:17:01 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Egon Kastelijn
2013-09-29 16:46:43 UTC
Did you need to switch to permissive mode to make it working? Sorry. I should have mentioned that. -> Yes, I am running in permissive mode at the moment. $ sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 28 $ Hi Egon, It's working only in enforcing mode or also in permissive mode? Hai Lukas, I have updated my machine from Fedora 19 to 20 in the mean time. This is one of the selinux problems that occurred when I tried to start CouchDB with selinux in enforcing mode. I think a serious test should be done to make SElinux & CouchDB work nicely: 1) service stop couchdb 2) setenforce 1 3) service start couchdb <and watch /var/log/messages for errors> Following the above steps in Fedora 20 still does not result in a nice clean start of CouchDB. kind regards, Egon Hi Egon, Could you re-test it with the newiest selinux-policy package for F20? If problems still persists please attach your audit log or attach all your AVCs. Hi Lukas, I retested the problem with: couchdb-1.5.0-1.fc20.x86_64 selinux-policy-3.12.1-149.fc20.noarch # getenforce Enforcing The problem with execmem does not seem to occur any more. I see another problem with couchdb and selinux which mentions that Couchdb is trying to use 'df', but I'll register a separate bug for that. -> I think this bug can be closed now. kind regards, Egon Agree. Thank you for testing! |