Bug 1207537

Summary: SELinux is preventing docker from 'getattr' accesses on the directory /etc/glusterfs.
Product: [Fedora] Fedora
Reporter: autarch princeps <autarch>
Component: docker
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 22
CC: admiller, autarch, dominick.grift, dwalsh, ichavero, jcajka, jchaloup, lsm5, lvrabec, mattdm, mgrepl, plautrba, vbatts
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:b557373297f906c13c2cfff248ebf56438e4f7bbc401c243085db740dca1f1d6
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-06-02 18:28:22 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description autarch princeps 2015-03-31 06:59:17 UTC
Description of problem:
SELinux is preventing docker from 'getattr' accesses on the directory /etc/glusterfs.

*****  Plugin catchall (100. confidence) suggests   **************************

If sie denken, dass es docker standardmässig erlaubt sein sollte, getattr Zugriff auf glusterfs directory zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen:
# grep docker /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:docker_t:s0
Target Context                system_u:object_r:glusterd_conf_t:s0
Target Objects                /etc/glusterfs [ dir ]
Source                        docker
Source Path                   docker
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           glusterfs-server-3.6.2-2.fc22.x86_64
Policy RPM                    selinux-policy-3.13.1-119.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 4.0.0-0.rc4.git0.1.fc22.x86_64 #1
                              SMP Mon Mar 16 14:36:23 UTC 2015 x86_64 x86_64
Alert Count                   1
First Seen                    2015-03-30 13:05:49 CEST
Last Seen                     2015-03-30 13:05:49 CEST
Local ID                      55b11c21-0504-48fe-8131-3a495527d130

Raw Audit Messages
type=AVC msg=audit(1427713549.233:2573): avc:  denied  { getattr } for  pid=664 comm="docker" path="/etc/glusterfs" dev="sdc1" ino=815839716 scontext=system_u:system_r:docker_t:s0 tcontext=system_u:object_r:glusterd_conf_t:s0 tclass=dir permissive=1


Hash: docker,docker_t,glusterd_conf_t,dir,getattr

Version-Release number of selected component:
selinux-policy-3.13.1-119.fc22.noarch

Additional info:
reporter:       libreport-2.5.0
hashmarkername: setroubleshoot
kernel:         4.0.0-0.rc5.git1.3.fc22.x86_64
type:           libreport

Comment 1 Daniel Walsh 2015-03-31 15:26:37 UTC
What were you doing when this happened?

Comment 2 Daniel Walsh 2015-04-14 18:29:03 UTC
Lukas, this will probably be fixed when we get an updated docker-selinux package.

Comment 3 Daniel Walsh 2015-06-02 18:28:22 UTC

*** This bug has been marked as a duplicate of bug 1221379 ***

Comment 4 Red Hat Bugzilla 2023-09-14 02:57:22 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days.