Bug 1258154
Summary: | [PKI] selinux rejects ssh-keygen from accessing /tmp | ||
---|---|---|---|
Product: | [Retired] oVirt | Reporter: | Alon Bar-Lev <alonbl> |
Component: | ovirt-engine-core | Assignee: | Alon Bar-Lev <alonbl> |
Status: | CLOSED UPSTREAM | QA Contact: | Pavel Stehlik <pstehlik> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.6 | CC: | bugs, ecohen, gklein, iheim, lsurette, rbalakri, sabose, sbonazzo, yeylon |
Target Milestone: | --- | ||
Target Release: | 3.6.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | infra | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-08-31 08:27:45 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1258365 | ||
Bug Blocks: |
Description
Alon Bar-Lev
2015-08-29 17:44:13 UTC
Cannot actually reproduce this, need access to environment to compare. (In reply to Alon Bar-Lev from comment #1) > Cannot actually reproduce this, need access to environment to compare. oh, it is probably not even rhel as there is -n and not -Z argument, need to know exact distro. This is centos-7.0 specific selinux policy issue. ovirt-engine service runs as: --- uid=108(ovirt) gid=108(ovirt) groups=108(ovirt) context=system_u:system_r:init_t:s0 --- after updating from: --- selinux-policy-targeted-3.12.1-153.el7.noarch selinux-policy-3.12.1-153.el7.noarch --- to: --- selinux-policy-3.13.1-23.el7_1.13.noarch selinux-policy-targeted-3.13.1-23.el7_1.13.noarch --- ovirt-engine service runs as: --- uid=108(ovirt) gid=108(ovirt) groups=108(ovirt) context=system_u:system_r:unconfined_service_t:s0 --- issue is now resolved, I do not wish to add explicit dependency of selinux-policy to engine for centos specific issue, for now we will assume people using up to date system or refer to this bug to update the selinux policy. |