Bug 214674
| Summary: | openais attempts to write core file to /usr/sbin - prevented by SELinux | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Len DiMaggio <ldimaggi> |
| Component: | openais | Assignee: | Steven Dake <sdake> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 5.0 | CC: | cluster-maint, djansa, dwalsh, jlaska, kanderso, rkenna |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | 5.0.0 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2006-11-28 21:34:26 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Len DiMaggio
2006-11-08 20:35:33 UTC
recommend beta blocker. No cores = no way to debug any field failure. Patch available and merged upstream.

Devel ACK -

There is no way to fix this for SELinux. I will not allow a binary file to write to the /usr/sbin directory. That breaks the concept of SELinux. We are trying to protect the system from binaries writing trojan software and defining which directory an application is designed to write to. Currently we are letting binaries drop core files in /. This is where daemons usually drop their cores.

I am reopening this one. It isn't against SELinux but against openais. Openais needs to change to not dump cores in /usr/sbin.

Patch is already available and built. Marking it as MODIFIED since patch is already available for openais.

Dan, The way I fixed this was to dump a core file in /var/run/openais instead. I assume this is acceptable by SELinux? Regards -steve
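
The fix described in the last comment, core files going to /var/run/openais instead of /usr/sbin, comes down to the daemon entering a directory it is designed to write to before it can crash. The C sketch below is an added illustration of that step, not the openais patch; `use_core_dir` and the `/tmp/example-cores` path are hypothetical, and it assumes the kernel core pattern is a relative name, so cores land in the working directory.

```c
#define _POSIX_C_SOURCE 200809L /* O_DIRECTORY, O_NOFOLLOW, fchdir */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

/* Enter `dir` so a relative kernel core pattern (assumed) drops cores there,
 * then enable core dumps. Returns 0, or -1 with errno set. */
int use_core_dir(const char *dir)
{
    struct stat st;
    struct rlimit rl;
    int fd, rc;

    /* Private to the daemon's user; an existing path is vetted below. */
    if (mkdir(dir, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW: a symlink planted at `dir` must not redirect the core. */
    fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* Vet the opened directory and enter it through the same descriptor,
     * so the path cannot be swapped between the check and the chdir. */
    rc = fstat(fd, &st);
    if (rc == 0 && (st.st_uid != geteuid() ||
                    (st.st_mode & (S_IWGRP | S_IWOTH)) != 0)) {
        errno = EPERM;
        rc = -1;
    }
    if (rc == 0)
        rc = fchdir(fd);
    close(fd);
    if (rc != 0 || getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    rl.rlim_cur = rl.rlim_max; /* a hard limit of 0 still means no core */
    return setrlimit(RLIMIT_CORE, &rl);
}

int main(void)
{
    if (use_core_dir("/tmp/example-cores") != 0) { /* hypothetical path */
        perror("use_core_dir");
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}
```

Under SELinux the chosen directory still has to be one the daemon's policy allows it to write to, which is the question the last comment asks.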