Bug 613551
Summary: Aisexec cannot mmap and unlink file in /dev/shm and /var/run

| Field | Value |
|---|---|
| Product: | Red Hat Enterprise Linux 5 |
| Component: | selinux-policy |
| Status: | CLOSED ERRATA |
| Severity: | medium |
| Priority: | medium |
| Version: | 5.5 |
| Target Milestone: | rc |
| Target Release: | 5.6 |
| Hardware: | All |
| OS: | Linux |
| Reporter: | Jan Friesse <jfriesse> |
| Assignee: | Miroslav Grepl <mgrepl> |
| QA Contact: | Milos Malik <mmalik> |
| CC: | cluster-maint, mmalik, sdake |
| Doc Type: | Bug Fix |
| Last Closed: | 2011-01-13 21:49:53 UTC |
| Bug Blocks: | 561546, 626910 |

Doc Text:
Recently, the OpenAIS Standards-Based Cluster Framework, an open implementation of the Application Interface Specification (AIS), started using POSIX semaphores instead of the SysV semaphores. With this update, relevant SELinux rules have been adjusted to reflect this change.

Comment 1
Steven Dake
2010-07-12 16:47:22 UTC
Steven, /dev/shm should be labeled tmpfs_t? This looks like something is mislabeled?

Dan,

Not entirely sure - Honza (jfriesse) ran the tests. It is possible his system is not labeled properly. He should be able to provide more information on the topic.

(In reply to comment #2)
> Steven /dev/shm should be labeled tmpfs_t? This looks like something is
> mislabeled?

Dan,
it looks like (maybe) bug in selinux:
- I've run restorecon -RvF / (to make sure that my compiled binaries have right context)
    ls -ladZ /dev/shm
    drwxrwxrwt root root system_u:object_r:device_t /dev/shm
- After computer reboot (I didn't reboot it before)
    ls -ladZ /dev/shm
    drwxrwxrwt root root system_u:object_r:tmpfs_t /dev/shm
- It's fully updated RHEL 5.5
- rpm -qa selinux*
    selinux-policy-targeted-2.4.6-279.el5
    selinux-policy-2.4.6-279.el5
    selinux-policy-devel-2.4.6-279.el5
- getenforce
    Enforcing

But back to the openais problem. It looks like simple reboot solved main problem, but unlink problem is still there:

type=AVC msg=audit(1279007167.111:29): avc: denied { unlink } for pid=3610 comm="aisexec" name="openais_shm-TzIxst" dev=tmpfs ino=14559 scontext=root:system_r:aisexec_t:s0 tcontext=root:object_r:tmpfs_t:s0 tclass=file

We are working on it with Jan.

Jan,
could you test it with selinux-policy-2.4.6-283.el5 selinux-policy-targeted-2.4.6-283.el5 packages.

Miroslav,
We moved the openais_shm* bug fix out to rhel 5.7 because of 5.6 capacity constraints. My apologies for being unaware of this bug and recommending it for 5.7 rather than 5.6.

Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Recently, the OpenAIS Standards-Based Cluster Framework, an open implementation of the Application Interface Specification (AIS), started using POSIX semaphores instead of the SysV semaphores. With this update, relevant SELinux rules have been adjusted to reflect this change.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0026.html