| Summary: | avc denied message when remotely updating cman cluster version | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Corey Marthaler <cmarthal> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.1 | CC: | dwalsh, mmalik |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-08-03 21:56:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
It should be fixed in selinux-policy-3.7.19-106.el6.noarch *** This bug has been marked as a duplicate of bug 727160 *** |
Description of problem: Many of our tests remotely update cluster configurations for different scenarios and setups. This works when run on the actual cluster member, however it no longer works when run remotely (through qarsh). [cmarthal@silver bin]$ qarsh root\@hayes-01 cman_tool version -r Unable to update relaxng schema: /usr/sbin/ccs_update_schema: line 375: /var/lib/cluster/rng_update.lock: Permission denied cman_tool: Not reloading, generic error running ccs_config_validate Try re-running with -d options type=AVC msg=audit(1312390738.773:84): avc: denied { write } for pid=3124 comm="ccs_update_sche" name="cluster" dev=dm-0 ino=1048565 scontext=system_u:system_r:corosync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cluster_var_lib_t:s0 tclass=dir type=SYSCALL msg=audit(1312390738.773:84): arch=c000003e syscall=2 success=no exit=-13 a0=2376b30 a1=241 a2=1b6 a3=21 items=0 ppid=3122 pid=3124 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ccs_update_sche" exe="/bin/bash" subj=system_u:system_r:corosync_t:s0-s0:c0.c1023 key=(null) Version-Release number of selected component (if applicable): Linux hayes-01 2.6.32-174.el6.x86_64 #1 SMP Thu Jul 28 00:31:11 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux selinux-policy-3.7.19-105.el6.noarch How reproducible: Everytime