Bug 215973

Summary: [RHEL5 Beta2] device-mapper-multipath: multipathd can't create map when selinux is enabled.
Product: Red Hat Enterprise Linux 5
Reporter: Kiyoshi Ueda <kueda>
Component: device-mapper-multipath
Assignee: Ben Marzinski <bmarzins>
Status: CLOSED CURRENTRELEASE
QA Contact: Corey Marthaler <cmarthal>
Severity: high
Priority: medium
Version: 5.0
CC: agk, bmarzins, christophe.varoqui, dwysocha, egoggin, jnomura, junichi.nomura, kueda, kueda, lmb, mbroz, prockai, tao, tranlan
Hardware: All   
OS: Linux   
Fixed In Version: 5.0.0
Doc Type: Bug Fix
Last Closed: 2007-05-07 18:08:28 UTC
Attachments:
Description Flags
/var/log/messages none
/var/log/audit/audit.log none

Description Kiyoshi Ueda 2006-11-16 17:16:12 UTC
Description of problem:
multipathd can't create map at startup time when selinux is enabled.


Version-Release number of selected component:
device-mapper-multipath-0.4.7-5.2
selinux-policy-2.4.3-8.el5


How reproducible:
Always


Steps to Reproduce:
 1. Prepare a multipath device and exclude it from the blacklist in
    /etc/multipath.conf
 2. Enable selinux
 3. Start multipathd
        # /etc/init.d/multipathd start


Actual results:
The multipath map isn't created, even though it is created when the
multipath command is executed.
------------------------------------------------------------------------
[root@nec-tx7-1 ~]# dmsetup ls
No devices found
[root@nec-tx7-1 ~]# /etc/init.d/multipathd start
Starting multipathd daemon:                                [  OK  ]
[root@nec-tx7-1 ~]# dmsetup ls
No devices found
[root@nec-tx7-1 ~]# multipath
create: disk2 (1NEC_iStorage_2000_000000092680024600002)  NEC,iStorage 2000
[size=67G][features=0][hwhandler=0]
\_ round-robin 0 [prio=1][undef]
 \_ 4:0:0:2  sdg 8:96  [undef][ready]
\_ round-robin 0 [prio=1][undef]
 \_ 5:0:0:2  sdh 8:112 [undef][ready]
[root@nec-tx7-1 ~]# dmsetup table
disk2: 0 139841536 multipath 0 0 2 1 round-robin 0 1 1 8:96 1000 round-robin 0 1 1 8:112 1000
[root@nec-tx7-1 ~]#
------------------------------------------------------------------------


Expected results:
Multipath map should be created when multipathd is started.


Additional info:
selinux seems to prevent multipathd from accessing "scsi_id" and
"net_admin".
The /var/log/messages and /var/log/audit/audit.log from starting
multipathd with the "-v3" option are attached.

Comment 1 Kiyoshi Ueda 2006-11-16 17:16:12 UTC
Created attachment 141388
/var/log/messages

Comment 2 Kiyoshi Ueda 2006-11-16 17:18:42 UTC
Created attachment 141389
/var/log/audit/audit.log

Comment 3 Ben Marzinski 2006-11-30 23:54:35 UTC
This is the same issue as bz #215001 (except for RHEL5). The selinux policy fix
is in selinux-policy-2.4.3-10. I have changed the multipath rpm to create
/var/lib/multipath on installation, so that it will work better with SELinux.

Comment 6 RHEL Program Management 2007-05-01 15:56:28 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 7 Kiersten (Kerri) Anderson 2007-05-07 18:08:28 UTC
Marking as CURRENT RELEASE since comment #5 indicates it is fixed in 5.0 GA.