| Summary: | (RHEL7) CTDB: SELinux: ctdb disablescript fails to execute because of SELinux avc's | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | surabhi <sbhaloth> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.2 | CC: | lvrabec, madam, mgrepl, mmalik, nlevinki, plautrba, pvrabec, rcyriac, rhs-smb, sbhaloth, ssekidde, storage-qa-internal |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-3.13.1-66.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1290514 | Environment: | |
| Last Closed: | 2016-11-04 02:39:19 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 1290514, 1293787 | ||
|
Comment 2
surabhi
2015-12-23 05:16:24 UTC
allow ctdbd_t bin_t : file { setattr };
is caused by /etc/ctdb/events.d/SCRIPT labeling as etc_t. We probably want to introduce a new script type or label it as ctdbd_exec_t and allow setattr.
Could you please re-test it with
chcon -R -t ctdbd_exec_t /etc/ctdb/events.d
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2283.html Verified. |