Bug 224028
Summary: | SElinux type=AVC - denied messages seen for various Conga tasks | |
---|---|---|---
Product: | Red Hat Enterprise Linux 5 | Reporter: | Len DiMaggio <ldimaggi>
Component: | conga | Assignee: | Jim Parsons <jparsons>
Status: | CLOSED CURRENTRELEASE | QA Contact: | Corey Marthaler <cmarthal>
Severity: | medium | Docs Contact: |
Priority: | medium | |
Version: | 5.0 | CC: | cluster-maint, djansa, dwalsh, jlaska, kanderso, kupcevic, rmccabe
Target Milestone: | --- | |
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Fixed In Version: | 5.0 | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Last Closed: | 2007-05-07 18:28:57 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |

Description
Len DiMaggio
2007-01-23 18:31:33 UTC
Correction - with SELINUX=enforcing - creating a new cluster fails. audit.log lists these AVC messages:

type=AVC msg=audit(1169578022.423:20): avc: denied { search } for pid=2375 comm="ricci-modrpm" name="sys" dev=proc ino=-268435428 scontext=system_u:system_r:ricci_modrpm_t:s0 tcontext=system_u:object_r:sysctl_t:s0 tclass=dir
type=AVC msg=audit(1169578022.423:20): avc: denied { search } for pid=2375 comm="ricci-modrpm" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:ricci_modrpm_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=AVC msg=audit(1169578022.423:20): avc: denied { read } for pid=2375 comm="ricci-modrpm" name="osrelease" dev=proc ino=-268435414 scontext=system_u:system_r:ricci_modrpm_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file
----------------- Node reboots ---------------------
type=AVC msg=audit(1169578176.313:7): avc: denied { search } for pid=2182 comm="ricci-modrpm" name="sys" dev=proc ino=-268435428 scontext=system_u:system_r:ricci_modrpm_t:s0 tcontext=system_u:object_r:sysctl_t:s0 tclass=dir

Created attachment 146337
audit.log from ricci (cluster) node
I just saw an additional error for aisexec - the audit.log is attached - I'll
talk to Dan W. and will append additional conga-specific SELinux problems to
this bz.
type=AVC msg=audit(1169566510.494:7): avc: denied { search } for pid=1722
comm="aisexec" name="lib" dev=dm-0 ino=359042
scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=dir
The test servers also have openais-0.80.2-1.el5 installed.

Seeing these errors with:
selinux-policy-2.4.6-29
selinux-policy-devel-2.4.6-29
selinux-policy-targeted-2.4.6-29

type=AVC msg=audit(1169585021.575:9): avc: denied { create } for pid=2352 comm="aisexec" name="openais" scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:object_r:ccs_var_lib_t:s0 tclass=dir
type=AVC msg=audit(1169585021.617:10): avc: denied { write } for pid=2352 comm="aisexec" name="sbin" dev=dm-0 ino=1305602 scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir

Additional errors - this time when the cluster was created with shared storage (clvm) enabled:

The system is going down for reboot NOW!
type=AVC msg=audit(1169585810.806:29): avc: denied { write } for pid=3275 comm="chkconfig" name="rc0.d" dev=dm-0 ino=2056381 scontext=system_u:system_r:ricci_modservice_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1169585810.806:29): avc: denied { remove_name } for pid=3275 comm="chkconfig" name="K74ipmi" dev=dm-0 ino=2056329 scontext=system_u:system_r:ricci_modservice_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1169585810.806:29): avc: denied { unlink } for pid=3275 comm="chkconfig" name="K74ipmi" dev=dm-0 ino=2056329 scontext=system_u:system_r:ricci_modservice_t:s0 tcontext=root:object_r:etc_t:s0 tclass=lnk_file
type=AVC msg=audit(1169585810.808:30): avc: denied { add_name } for pid=3275 comm="chkconfig" name="K74ipmi" scontext=system_u:system_r:ricci_modservice_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1169585810.808:30): avc: denied { create } for pid=3275 comm="chkconfig" name="K74ipmi" scontext=system_u:system_r:ricci_modservice_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file
type=AVC msg=audit(1169585810.820:31): avc: denied { unlink } for pid=3275 comm="chkconfig" name="K76clvmd" dev=dm-0 ino=2057373 scontext=system_u:system_r:ricci_modservice_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file
Connection to tng3-1.lab.msp.redhat.com closed by remote host.

type=AVC msg=audit(1169585959.102:12): avc: denied { write } for pid=2307 comm="aisexec" name="ringid_10.15.89.174" dev=dm-0 ino=2284808 scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1169585972.149:20): avc: denied { connectto } for pid=2416 comm="vgscan" path=00636C766D64000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=system_u:system_r:lvm_t:s0 tcontext=system_u:system_r:clvmd_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1169585972.767:21): avc: denied { write } for pid=2417 comm="lvm" name=".cache" dev=dm-0 ino=2057277 scontext=system_u:system_r:lvm_t:s0 tcontext=root:object_r:lvm_etc_t:s0 tclass=file
type=AVC msg=audit(1169585972.769:22): avc: denied { unlink } for pid=2417 comm="lvm" name=".cache" dev=dm-0 ino=2057277 scontext=system_u:system_r:lvm_t:s0 tcontext=root:object_r:lvm_etc_t:s0 tclass=file
type=AVC msg=audit(1169585972.924:23): avc: denied { getattr } for pid=2415 comm="clvmd" name="001" dev=tmpfs ino=3337 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.924:23): path="/dev/bus/usb/001/001"
type=AVC msg=audit(1169585972.925:24): avc: denied { getattr } for pid=2415 comm="clvmd" name="hdd" dev=tmpfs ino=3406 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
type=AVC_PATH msg=audit(1169585972.925:24): path="/dev/hdd"
type=AVC msg=audit(1169585972.926:25): avc: denied { getattr } for pid=2415 comm="clvmd" name="kcore" dev=proc ino=-268435434 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file
type=AVC_PATH msg=audit(1169585972.926:25): path="/proc/kcore"
type=AVC msg=audit(1169585972.928:26): avc: denied { getattr } for pid=2415 comm="clvmd" name="gpmctl" dev=tmpfs ino=6662 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:gpmctl_t:s0 tclass=sock_file
type=AVC_PATH msg=audit(1169585972.928:26): path="/dev/gpmctl"
type=AVC msg=audit(1169585972.928:27): avc: denied { getattr } for pid=2415 comm="clvmd" name="initctl" dev=tmpfs ino=953 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file
type=AVC_PATH msg=audit(1169585972.928:27): path="/dev/initctl"
type=AVC msg=audit(1169585972.928:28): avc: denied { getattr } for pid=2415 comm="clvmd" name="event0" dev=tmpfs ino=3384 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.928:28): path="/dev/input/event0"
type=AVC msg=audit(1169585972.929:29): avc: denied { getattr } for pid=2415 comm="clvmd" name="mice" dev=tmpfs ino=2383 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:mouse_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.929:29): path="/dev/input/mice"
type=AVC msg=audit(1169585972.929:30): avc: denied { getattr } for pid=2415 comm="clvmd" name="kmsg" dev=tmpfs ino=1550 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:printk_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.929:30): path="/dev/kmsg"
type=AVC msg=audit(1169585972.929:31): avc: denied { getattr } for pid=2415 comm="clvmd" name="MAKEDEV" dev=dm-0 ino=2742024 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
type=AVC_PATH msg=audit(1169585972.929:31): path="/sbin/MAKEDEV"
type=AVC msg=audit(1169585972.929:32): avc: denied { getattr } for pid=2415 comm="clvmd" name="control" dev=tmpfs ino=719 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.929:32): path="/dev/mapper/control"
type=AVC msg=audit(1169585972.929:33): avc: denied { getattr } for pid=2415 comm="clvmd" name="mem" dev=tmpfs ino=1602 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.929:33): path="/dev/mem"
type=AVC msg=audit(1169585972.930:34): avc: denied { getattr } for pid=2415 comm="clvmd" name="tun" dev=tmpfs ino=1201 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:tun_tap_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.930:34): path="/dev/net/tun"
type=AVC msg=audit(1169585972.930:35): avc: denied { getattr } for pid=2415 comm="clvmd" name="nvram" dev=tmpfs ino=2422 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:nvram_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.930:35): path="/dev/nvram"
type=AVC msg=audit(1169585972.930:36): avc: denied { getattr } for pid=2415 comm="clvmd" name="parport0" dev=tmpfs ino=1192 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:printer_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.930:36): path="/dev/parport0"
type=AVC msg=audit(1169585972.930:37): avc: denied { getattr } for pid=2415 comm="clvmd" name="ppp" dev=tmpfs ino=1205 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:ppp_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.930:37): path="/dev/ppp"
type=AVC msg=audit(1169585972.930:38): avc: denied { getattr } for pid=2415 comm="clvmd" name="ptmx" dev=tmpfs ino=628 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:ptmx_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.930:38): path="/dev/ptmx"
type=AVC msg=audit(1169585972.931:39): avc: denied { getattr } for pid=2415 comm="clvmd" name="random" dev=tmpfs ino=1574 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:random_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.931:39): path="/dev/random"
type=AVC msg=audit(1169585972.931:40): avc: denied { getattr } for pid=2415 comm="clvmd" name="rtc" dev=tmpfs ino=629 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:clock_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.931:40): path="/dev/rtc"
type=AVC msg=audit(1169585972.931:41): avc: denied { getattr } for pid=2415 comm="clvmd" name="sg0" dev=tmpfs ino=4062 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:scsi_generic_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.931:41): path="/dev/sg0"
type=AVC msg=audit(1169585972.931:42): avc: denied { getattr } for pid=2415 comm="clvmd" name="/" dev=tmpfs ino=4829 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC_PATH msg=audit(1169585972.931:42): path="/dev/shm"
type=AVC msg=audit(1169585972.931:43): avc: denied { read } for pid=2415 comm="clvmd" name="/" dev=tmpfs ino=4829 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1169585972.932:44): avc: denied { getattr } for pid=2415 comm="clvmd" name="snapshot" dev=tmpfs ino=2446 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:apm_bios_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.932:44): path="/dev/snapshot"
type=AVC msg=audit(1169585972.932:45): avc: denied { ptrace } for pid=2415 comm="clvmd" scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:system_r:clvmd_t:s0 tclass=process
type=AVC msg=audit(1169585972.933:46): avc: denied { getattr } for pid=2415 comm="clvmd" name="urandom" dev=tmpfs ino=1559 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585972.933:46): path="/dev/urandom"
type=AVC msg=audit(1169585973.183:47): avc: denied { read } for pid=2415 comm="clvmd" name="hdd" dev=tmpfs ino=3406 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
type=AVC msg=audit(1169585973.253:48): avc: denied { read write } for pid=2415 comm="clvmd" name="control" dev=tmpfs ino=719 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file
type=AVC msg=audit(1169585973.254:49): avc: denied { ioctl } for pid=2415 comm="clvmd" name="control" dev=tmpfs ino=719 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file
type=AVC_PATH msg=audit(1169585973.254:49): path="/dev/mapper/control"

With:
selinux-policy-2.4.6-30.el5
selinux-policy-targeted-2.4.6-30.el5

Now seeing these AVC messages after the cluster nodes reboot:

type=AVC msg=audit(1169652313.674:13): avc: denied { getattr } for pid=2445 comm="clvmd" name="kcore" dev=proc ino=-268435434 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file
type=AVC_PATH msg=audit(1169652313.674:13): path="/proc/kcore"
type=AVC msg=audit(1169652313.675:14): avc: denied { getattr } for pid=2445 comm="clvmd" name="initctl" dev=tmpfs ino=953 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file
type=AVC_PATH msg=audit(1169652313.675:14): path="/dev/initctl"
type=AVC msg=audit(1169652313.676:15): avc: denied { getattr } for pid=2445 comm="clvmd" name="MAKEDEV" dev=dm-0 ino=2742024 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
type=AVC_PATH msg=audit(1169652313.676:15): path="/sbin/MAKEDEV"
type=AVC msg=audit(1169652313.677:16): avc: denied { getattr } for pid=2445 comm="clvmd" name="/" dev=tmpfs ino=4822 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC_PATH msg=audit(1169652313.677:16): path="/dev/shm"
type=AVC msg=audit(1169652313.677:17): avc: denied { read } for pid=2445 comm="clvmd" name="/" dev=tmpfs ino=4822 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1169652313.805:18): avc: denied { read } for pid=2445 comm="clvmd" name="hdd" dev=tmpfs ino=3488 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file

Added rules to fix this to selinux-policy-2.4.6-31.el5

A couple more:

type=AVC msg=audit(1169653773.919:19): avc: denied { unlink } for pid=4582 comm="chkconfig" name="K74ipmi" dev=dm-0 ino=2056329 scontext=system_u:system_r:ricci_modservice_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file
type=AVC msg=audit(1169653773.919:20): avc: denied { create } for pid=4582 comm="chkconfig" name="K74ipmi" scontext=system_u:system_r:ricci_modservice_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file

And this:

type=AVC msg=audit(1169655513.340:27): avc: denied { sys_admin } for pid=2417 comm="clvmd" capability=21 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:system_r:clvmd_t:s0 tclass=capability

Additional AVC messages:

type=AVC msg=audit(1169668712.387:151): avc: denied { read } for pid=19334 comm="pidof" name="exe" dev=proc ino=154337288 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=lnk_file
type=AVC msg=audit(1169668712.387:151): avc: denied { ptrace } for pid=19334 comm="pidof" scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process
type=AVC msg=audit(1169668712.388:152): avc: denied { search } for pid=19334 comm="pidof" name="2399" dev=proc ino=157220866 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:system_r:clvmd_t:s0 tclass=dir
type=AVC msg=audit(1169668712.388:152): avc: denied { read } for pid=19334 comm="pidof" name="stat" dev=proc ino=157220877 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:system_r:clvmd_t:s0 tclass=file
type=AVC msg=audit(1169668712.388:153): avc: denied { getattr } for pid=19334 comm="pidof" name="stat" dev=proc ino=157220877 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:system_r:clvmd_t:s0 tclass=file
type=AVC_PATH msg=audit(1169668712.388:153): path="/proc/2399/stat"
type=AVC msg=audit(1169668712.388:154): avc: denied { read } for pid=19334 comm="pidof" name="exe" dev=proc ino=157220872 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:system_r:clvmd_t:s0 tclass=lnk_file
type=AVC msg=audit(1169668712.388:154): avc: denied { ptrace } for pid=19334 comm="pidof" scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:system_r:clvmd_t:s0 tclass=process
type=AVC msg=audit(1169668712.394:155): avc: denied { ptrace } for pid=19334 comm="pidof" scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1169668712.396:156): avc: denied { ptrace } for pid=19334 comm="pidof" scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:system_r:ricci_modstorage_t:s0 tclass=process
type=AVC msg=audit(1169668712.997:157): avc: denied { sys_admin } for pid=2427 comm="clvmd" capability=21 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:system_r:clvmd_t:s0 tclass=capability
type=AVC msg=audit(1169668713.034:158): avc: denied { search } for pid=19339 comm="touch" name="lock" dev=dm-0 ino=359073 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=dir
type=AVC msg=audit(1169668713.034:158): avc: denied { write } for pid=19339 comm="touch" name="clvmd" dev=dm-0 ino=359617 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:var_lock_t:s0 tclass=file

Just saw these with:
selinux-policy-2.4.6-31
selinux-policy-devel-2.4.6-31
selinux-policy-targeted-2.4.6-31

type=AVC msg=audit(1169740819.574:7): avc: denied { search } for pid=2083 comm="lvmconf" name="nscd" dev=dm-0 ino=359391 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:nscd_var_run_t:s0 tclass=dir
type=AVC msg=audit(1169740819.600:8): avc: denied { write } for pid=2083 comm="lvmconf" name="lvm" dev=dm-0 ino=2056322 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:lvm_etc_t:s0 tclass=dir
type=AVC msg=audit(1169740819.600:8): avc: denied { add_name } for pid=2083 comm="lvmconf" name=".lvmconf-script.tmp" scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:lvm_etc_t:s0 tclass=dir
type=AVC msg=audit(1169740819.600:8): avc: denied { create } for pid=2083 comm="lvmconf" name=".lvmconf-script.tmp" scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:lvm_etc_t:s0 tclass=file
type=AVC msg=audit(1169740819.602:9): avc: denied { write } for pid=2083 comm="lvmconf" name=".lvmconf-script.tmp" dev=dm-0 ino=2057876 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:lvm_etc_t:s0 tclass=file
type=AVC_PATH msg=audit(1169740819.602:9): path="/etc/lvm/.lvmconf-script.tmp"
type=AVC msg=audit(1169740819.621:10): avc: denied { remove_name } for pid=2091 comm="rm" name=".lvmconf-script.tmp" dev=dm-0 ino=2057876 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:lvm_etc_t:s0 tclass=dir
type=AVC msg=audit(1169740819.621:10): avc: denied { unlink } for pid=2091 comm="rm" name=".lvmconf-script.tmp" dev=dm-0 ino=2057876 scontext=system_u:system_r:ricci_modstorage_t:s0 tcontext=system_u:object_r:lvm_etc_t:s0 tclass=file
type=AVC msg=audit(1169740902.076:17): avc: denied { add_name } for pid=2310 comm="aisexec" name="core.2310" scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=dir
type=AVC msg=audit(1169740902.076:17): avc: denied { create } for pid=2310 comm="aisexec" name="core.2310" scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
type=AVC msg=audit(1169740902.076:17): avc: denied { write } for pid=2310 comm="aisexec" name="core.2310" dev=dm-0 ino=1315044 scontext=system_u:system_r:ccs_t:s0 tcontext=system_u:object_r:sbin_t:s0 tclass=file
type=AVC msg=audit(1169763958.003:86): avc: denied { rmdir } for pid=30893 comm="lvremove" name="new_vg" dev=tmpfs ino=4749 scontext=root:system_r:lvm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=dir
type=AVC msg=audit(1169764955.610:90): avc: denied { rmdir } for pid=32300 comm="lvremove" name="new_vol_group" dev=tmpfs ino=331676 scontext=root:system_r:lvm_t:s0-s0:c0.c1023 tcontext=root:object_r:device_t:s0 tclass=dir

Hadn't seen this one before:

type=AVC msg=audit(1170252416.439:12): avc: denied { read } for pid=2402 comm="clvmd" name="hdd" dev=tmpfs ino=3330 scontext=system_u:system_r:clvmd_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file

Note: name="hdd"

Fixed in selinux-policy-2.4.6-35

Fixing Product Name. Cluster Suite was merged into Enterprise Linux for version 5.0.

Think this one was fixed in rhel5.0 release. Jim, please close if that is true.
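
An added example, not part of the original bug report: a Python triage sketch that pulls AVC denials out of run-together text like the excerpts in this report, joins each AVC_PATH record to its denial by audit event ID, and merges the result into audit2allow-style candidate rules for review. The function names, the SAMPLE string (records copied from the report) and the REVIEW_PERMS set are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: four denials and one AVC_PATH record copied from the
# report above, run together with comment prose the way the page shows them.
SAMPLE = (
    'type=AVC msg=audit(1169585972.929:32): avc: denied { getattr } for pid=2415 comm="clvmd" '
    'name="control" dev=tmpfs ino=719 scontext=system_u:system_r:clvmd_t:s0 '
    'tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file '
    'type=AVC_PATH msg=audit(1169585972.929:32): path="/dev/mapper/control" '
    'type=AVC msg=audit(1169585973.253:48): avc: denied { read write } for pid=2415 comm="clvmd" '
    'name="control" dev=tmpfs ino=719 scontext=system_u:system_r:clvmd_t:s0 '
    'tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file And this: '
    'type=AVC msg=audit(1169655513.340:27): avc: denied { sys_admin } for pid=2417 comm="clvmd" '
    'capability=21 scontext=system_u:system_r:clvmd_t:s0 '
    'tcontext=system_u:system_r:clvmd_t:s0 tclass=capability Additional AVC messages: '
    'type=AVC msg=audit(1169668712.394:155): avc: denied { ptrace } for pid=19334 comm="pidof" '
    'scontext=system_u:system_r:ricci_modstorage_t:s0 '
    'tcontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process'
)

EVENT = r'msg=audit\((?P<id>\d+\.\d+:\d+)\):\s+'
# A record ends at its tclass= field; the lookahead stops a truncated record
# from swallowing the next one, and prose between records is simply skipped.
AVC_RE = re.compile(r'type=AVC ' + EVENT + r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+'
                    r'(?P<fields>(?:(?!type=AVC).)*?tclass=\w+)', re.S)
PATH_RE = re.compile(r'type=AVC_PATH ' + EVENT + r'path="(?P<path>[^"]*)"')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REVIEW_PERMS = {"ptrace", "sys_admin"}  # assumption: permissions this example flags


def se_type(context):
    """The type is the third field of user:role:type:level[:categories]."""
    return context.split(":")[2]


def parse_denials(text):
    """Return one dict per AVC denial, with the AVC_PATH path joined by event ID."""
    paths = {m["id"]: m["path"] for m in PATH_RE.finditer(text)}
    denials = []
    for m in AVC_RE.finditer(text):
        kv = {k: v.strip('"') for k, v in KV_RE.findall(m["fields"])}
        denials.append({"id": m["id"], "perms": m["perms"].split(), "comm": kv.get("comm"),
                        "source": se_type(kv["scontext"]), "target": se_type(kv["tcontext"]),
                        "tclass": kv["tclass"], "path": paths.get(m["id"])})
    return denials


def summarize(denials):
    """Merge denials per (source, target, class) into (candidate rule, needs_review)."""
    merged = defaultdict(set)
    for d in denials:
        merged[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        tgt_name = "self" if src == tgt else tgt
        rule = f"allow {src} {tgt_name}:{cls} {{ {' '.join(sorted(perms))} }};"
        rules.append((rule, bool(perms & REVIEW_PERMS)))
    return rules


if __name__ == "__main__":
    for rule, review in summarize(parse_denials(SAMPLE)):
        print(("REVIEW " if review else "       ") + rule)
```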