Bug 1595961
| Summary: | avc denied message when attempting to start dlm_controld for use with lvmlockd | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Corey Marthaler <cmarthal> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED DUPLICATE | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.6 | CC: | cfeist, lvrabec, mgrepl, mmalik, plautrba, ssekidde, teigland |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-06-28 07:52:05 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I believe this bug is a duplicate of BZ#1589257. *** This bug has been marked as a duplicate of bug 1589257 *** |
Description of problem: This was while attempting to start a dlm+lvmlockd cluster. Jun 27 17:24:02 harding-02 crmd[40937]: notice: Initiating monitor operation smoke-apc_monitor_60000 locally on harding-02 Jun 27 17:24:02 harding-02 crmd[40937]: notice: Initiating stop operation dlm_for_lvmlockd_stop_0 on harding-03 Jun 27 17:24:02 harding-02 crmd[40937]: notice: Initiating start operation dlm_for_lvmlockd:1_start_0 locally on harding-02 Jun 27 17:24:02 harding-02 dlm_controld[56401]: 106265 dlm_controld 4.0.7 started Jun 27 17:24:02 harding-02 dlm_controld[56401]: 106265 corosync cfg init error 11 Jun 27 17:24:03 harding-02 crmd[40937]: notice: Result of start operation for dlm_for_lvmlockd on harding-02: 7 (not running) Jun 27 17:24:03 harding-02 crmd[40937]: warning: Action 6 (dlm_for_lvmlockd:1_start_0) on harding-02 failed (target: 0 vs. rc: 7): Error Jun 27 17:24:03 harding-02 crmd[40937]: notice: Transition aborted by operation dlm_for_lvmlockd_start_0 'modify' on harding-02: Event failed Jun 27 17:24:03 harding-02 crmd[40937]: warning: Action 6 (dlm_for_lvmlockd:1_start_0) on harding-02 failed (target: 0 vs. rc: 7): Error Jun 27 17:24:03 harding-02 crmd[40937]: notice: Transition aborted by status-1-fail-count-dlm_for_lvmlockd.start_0 doing create fail-count-dlm_for_lvmlockd#start_0=INFINITY: Transient attribute type=AVC msg=audit(1530137630.704:4281): avc: denied { map } for pid=55043 comm="dlm_controld" path="/dev/shm/qb-cfg-request-40924-55043-25-header" dev="tmpfs" ino=453252 scontext=system_u:system_r:dlm_controld_t:s0 tcontext=system_u:object_r:cluster_tmpfs_t:s0 tclass=file permissive=0 type=SYSCALL msg=audit(1530137630.704:4281): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=203c a2=3 a3=1 items=0 ppid=1 pid=55043 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dlm_controld" exe="/usr/sbin/dlm_controld" subj=system_u:system_r:dlm_controld_t:s0 key=(null) type=PROCTITLE msg=audit(1530137630.704:4281): proctitle=646C6D5F636F6E74726F6C64002D7330002D4C type=AVC msg=audit(1530137630.720:4282): avc: denied { map } for pid=55048 comm="dlm_controld" path="/dev/shm/qb-cfg-request-40924-55048-25-header" dev="tmpfs" ino=453260 scontext=system_u:system_r:dlm_controld_t:s0 tcontext=system_u:object_r:cluster_tmpfs_t:s0 tclass=file permissive=0 type=SYSCALL msg=audit(1530137630.720:4282): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=203c a2=3 a3=1 items=0 ppid=55019 pid=55048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dlm_controld" exe="/usr/sbin/dlm_controld" subj=system_u:system_r:dlm_controld_t:s0 key=(null) type=PROCTITLE msg=audit(1530137630.720:4282): proctitle=646C6D5F636F6E74726F6C64002D7330002D44 type=AVC msg=audit(1530138242.266:4283): avc: denied { map } for pid=56401 comm="dlm_controld" path="/dev/shm/qb-cfg-request-40924-56401-25-header" dev="tmpfs" ino=474115 scontext=system_u:system_r:dlm_controld_t:s0 tcontext=system_u:object_r:cluster_tmpfs_t:s0 tclass=file permissive=0 type=SYSCALL msg=audit(1530138242.266:4283): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=203c a2=3 a3=1 items=0 ppid=1 pid=56401 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dlm_controld" exe="/usr/sbin/dlm_controld" subj=system_u:system_r:dlm_controld_t:s0 key=(null) type=PROCTITLE msg=audit(1530138242.266:4283): proctitle=646C6D5F636F6E74726F6C64002D7330002D4C Version-Release number of selected component (if applicable): [root@harding-02 audit]# rpm -qi selinux-policy Name : selinux-policy Version : 3.13.1 Release : 204.el7 Architecture: noarch Install Date: Tue 26 Jun 2018 10:46:53 AM CDT Group : System Environment/Base Size : 6478 License : GPLv2+ Signature : RSA/SHA256, Thu 14 Jun 2018 01:58:39 PM CDT, Key ID 199e2f91fd431d51 Source RPM : selinux-policy-3.13.1-204.el7.src.rpm Build Date : Thu 14 Jun 2018 11:52:43 AM CDT Build Host : arm64-011.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://oss.tresys.com/repos/refpolicy/ Summary : SELinux policy configuration How reproducible: Everytime