Bug 1589257
Summary: | SELinux map denials for dlm_controld | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Nate Straz <nstraz> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.6 | CC: | cluster-qe, cmarthal, gfs2-maint, lvrabec, mgrepl, mmalik, nstraz, plautrba, ssekidde |
Target Milestone: | beta | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.13.1-207.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-10-30 10:05:18 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1460322, 1592244 | ||
Bug Blocks: |
Description
Nate Straz
2018-06-08 14:20:59 UTC
Which repository do I need to successfully install /usr/sbin/dlm_controld ? The dlm package is in the ResilientStorage add-on. *** Bug 1595961 has been marked as a duplicate of this bug. *** If bug 1595961 is a dup of this one, then it's not fixed yet since I'm running 3.13.1-204.el7 type=SYSCALL msg=audit(1530137630.720:4282): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=203c a2=3 a3=1 items=0 ppid=55019 pid=55048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dlm_controld" exe="/usr/sbin/dlm_controld" subj=system_u:system_r:dlm_controld_t:s0 key=(null) type=PROCTITLE msg=audit(1530137630.720:4282): proctitle=646C6D5F636F6E74726F6C64002D7330002D44 type=AVC msg=audit(1530138242.266:4283): avc: denied { map } for pid=56401 comm="dlm_controld" path="/dev/shm/qb-cfg-request-40924-56401-25-header" dev="tmpfs" ino=474115 scontext=system_u:system_r:dlm_controld_t:s0 tcontext=system_u:object_r:cluster_tmpfs_t:s0 tclass=file permissive=0 type=SYSCALL msg=audit(1530138242.266:4283): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=203c a2=3 a3=1 items=0 ppid=1 pid=56401 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dlm_controld" exe="/usr/sbin/dlm_controld" subj=system_u:system_r:dlm_controld_t:s0 key=(null) [root@harding-02 audit]# ausearch -m AVC -ts yesterday | audit2allow #============= dlm_controld_t ============== allow dlm_controld_t cluster_tmpfs_t:file map; [root@harding-02 audit]# rpm -qi selinux-policy Name : selinux-policy Version : 3.13.1 Release : 204.el7 Architecture: noarch Install Date: Tue 26 Jun 2018 10:46:53 AM CDT Group : System Environment/Base Size : 6478 License : GPLv2+ Signature : RSA/SHA256, Thu 14 Jun 2018 01:58:39 PM CDT, Key ID 199e2f91fd431d51 Source RPM : selinux-policy-3.13.1-204.el7.src.rpm Build Date : Thu 14 Jun 2018 11:52:43 AM CDT Build Host : arm64-011.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://oss.tresys.com/repos/refpolicy/ Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117 Fix verified in selinux-policy-3.13.1-207.el7. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3111 |