Bug 1302736
Summary: | SELinux is preventing /bin/chown from 'setattr' accesses on the directory data. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Raman Gupta <rocketraman> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 23 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba, rocketraman |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:f06c4e0f7406b917056df6a0e6d48f0a2946dcbc9b74c97b0d753aa0e96c4487; | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2016-01-30 18:12:35 UTC | Type: | --- |
Description
Raman Gupta
2016-01-28 13:51:00 UTC
Looks like you are volume mounting /usr content into a container and then trying to chown it, this would not be allowed. Where is the data directory? If you volume mount using :Z

I think I see what happened: the security context of the postgres data directory used by https://github.com/sameersbn/docker-postgresql was not set. My dev team mapped the postgres data files on the host to a directory in /opt rather than /srv (which explains the usr_t context).

As a side note, why does the output only provide the target basename? I would have immediately identified the issue if it provided the absolute path.

Thanks for replying. Closing.

Full path auditing is turned off by default, since there is some performance hit if you turn it on. You can enable it by turning on auditing. Although most likely you would never notice.

```
echo "-w /etc/shadow" >> /etc/audit/rules.d/audit.rules
systemctl start auditd.service
```

Will turn it on on your system.

Thanks!
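On the basename question raised in this thread, an added example (not part of the bug report or of any project's code): it groups audit records by event id and uses the CWD and PATH records, which accompany the AVC once audit rules are loaded, to recover the full path of the denied target. The log lines, PIDs, inode, container path and the `svirt_lxc_net_t` source context are constructed sample values.

```python
import re
from collections import defaultdict
from posixpath import join, normpath

# Constructed audit.log lines (not from the bug report). Event 101 is a lone
# AVC, as logged without audit rules. Event 102 also carries CWD/PATH records.
SAMPLE = '''\
type=AVC msg=audit(1453989060.101:101): avc:  denied  { setattr } for  pid=4001 comm="chown" name="data" dev="dm-1" ino=131 scontext=system_u:system_r:svirt_lxc_net_t:s0:c1,c2 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1453989090.202:102): avc:  denied  { setattr } for  pid=4002 comm="chown" name="data" dev="dm-1" ino=131 scontext=system_u:system_r:svirt_lxc_net_t:s0:c1,c2 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1453989090.202:102): arch=c000003e syscall=260 success=no exit=-13 pid=4002 comm="chown" exe="/bin/chown"
type=CWD msg=audit(1453989090.202:102):  cwd="/var/lib/postgresql"
type=PATH msg=audit(1453989090.202:102): item=0 name="data" inode=131 dev=fd:01 mode=040755 obj=unconfined_u:object_r:usr_t:s0
'''

HEADER = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{\s*([^}]+?)\s*\}')

def parse(log):
    """Group records by audit event id (timestamp:serial)."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        perms = PERMS.search(body)
        if perms:
            fields["perms"] = perms.group(1)
        events[event_id].append((rtype, fields))
    return events

def denials_with_paths(log):
    """One dict per AVC denial; 'path' is None when the event has no PATH record."""
    results = []
    for records in parse(log).values():
        cwd = next((f["cwd"] for t, f in records if t == "CWD"), "/")
        paths = [f for t, f in records if t == "PATH"]
        for rtype, avc in records:
            if rtype != "AVC":
                continue
            # The AVC carries only the basename; match its inode to a PATH record.
            hit = next((p for p in paths if p.get("inode") == avc.get("ino")), None)
            full = normpath(join(cwd, hit["name"])) if hit else None
            results.append({"comm": avc.get("comm"), "perms": avc.get("perms"),
                            "name": avc.get("name"), "tcontext": avc.get("tcontext"),
                            "path": full})
    return results
```

The recovered path is the one the process passed to the syscall, so for a chown running inside a container it is the path as seen in the container, not the host directory behind the volume.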