Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 733337

Summary:	cluster tools cause AVCs
Product:	Red Hat Enterprise Linux 6	Reporter:	Milos Malik <mmalik>
Component:	selinux-policy	Assignee:	Miroslav Grepl <mgrepl>
Status:	CLOSED ERRATA	QA Contact:	Milos Malik <mmalik>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	6.2	CC:	dwalsh, fdinitto, jkortus, lhh, nstraz
Target Milestone:	rc
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	selinux-policy-3.7.19-109.el6	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2011-12-06 10:13:31 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Milos Malik 2011-08-25 13:56:32 UTC

Description of problem:


Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.7.19-108.el6.noarch
selinux-policy-minimum-3.7.19-108.el6.noarch
selinux-policy-mls-3.7.19-108.el6.noarch
selinux-policy-3.7.19-108.el6.noarch
selinux-policy-doc-3.7.19-108.el6.noarch

How reproducible:
always

Steps to Reproduce:
1. get a fresh RHEL-6.2 machine
2. run /CoreOS/selinux-policy/Regression/bz271561-corosync-and-similar
  
Actual results:
----
type=SYSCALL msg=audit(08/25/2011 15:44:56.906:26312) : arch=i386 syscall=access success=no exit=-13(Permission denied) a0=9d95674 a1=1 a2=bfa0d074 a3=ffffff9c items=0 ppid=28005 pid=28006 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=find exe=/bin/find subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:56.906:26312) : avc:  denied  { execute } for  pid=28006 comm=find name=SAPDatabase dev=dm-0 ino=158424 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file 
----
type=SYSCALL msg=audit(08/25/2011 15:44:56.908:26313) : arch=i386 syscall=access success=no exit=-13(Permission denied) a0=9d95a9c a1=1 a2=bfa0d074 a3=ffffff9c items=0 ppid=28005 pid=28006 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=find exe=/bin/find subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:56.908:26313) : avc:  denied  { execute } for  pid=28006 comm=find name=checkquorum dev=dm-0 ino=147727 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file 
----
type=SYSCALL msg=audit(08/25/2011 15:44:56.908:26314) : arch=i386 syscall=access success=no exit=-13(Permission denied) a0=9d96474 a1=1 a2=bfa0d074 a3=ffffff9c items=0 ppid=28005 pid=28006 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=find exe=/bin/find subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:56.908:26314) : avc:  denied  { execute } for  pid=28006 comm=find name=fence_scsi_check.pl dev=dm-0 ino=142731 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file 
----
type=SYSCALL msg=audit(08/25/2011 15:44:56.908:26315) : arch=i386 syscall=access success=no exit=-13(Permission denied) a0=9d96ac4 a1=1 a2=bfa0d074 a3=ffffff9c items=0 ppid=28005 pid=28006 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=find exe=/bin/find subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:56.908:26315) : avc:  denied  { execute } for  pid=28006 comm=find name=SAPInstance dev=dm-0 ino=158425 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file 
----
type=SYSCALL msg=audit(08/25/2011 15:44:57.096:26316) : arch=i386 syscall=stat64 success=no exit=-13(Permission denied) a0=bfde0dfd a1=86b7ac0 a2=a32ff4 a3=bfde0dfd items=0 ppid=28002 pid=28021 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=ls exe=/bin/ls subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:57.096:26316) : avc:  denied  { getattr } for  pid=28021 comm=ls path=/usr/sbin/fence_node dev=dm-0 ino=36397 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:fenced_exec_t:s0 tclass=file 
----
type=SYSCALL msg=audit(08/25/2011 15:44:57.103:26317) : arch=i386 syscall=stat64 success=no exit=-13(Permission denied) a0=bfde0e99 a1=86b7dc0 a2=a32ff4 a3=bfde0e99 items=0 ppid=28002 pid=28021 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=ls exe=/bin/ls subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:57.103:26317) : avc:  denied  { getattr } for  pid=28021 comm=ls path=/usr/sbin/fence_tool dev=dm-0 ino=18509 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:fenced_exec_t:s0 tclass=file 
----
type=SYSCALL msg=audit(08/25/2011 15:44:57.316:26318) : arch=i386 syscall=fsetxattr success=no exit=-13(Permission denied) a0=4 a1=bfb1b080 a2=9a90a70 a3=2b items=0 ppid=28002 pid=28037 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=cp exe=/bin/cp subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:57.316:26318) : avc:  denied  { relabelfrom } for  pid=28037 comm=cp name=cluster.rng dev=dm-0 ino=51364 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file 
----
type=SYSCALL msg=audit(08/25/2011 15:44:57.319:26319) : arch=i386 syscall=fsetxattr success=no exit=-13(Permission denied) a0=4 a1=bfb1b040 a2=9a90b30 a3=2b items=0 ppid=28002 pid=28037 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=cp exe=/bin/cp subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:57.319:26319) : avc:  denied  { relabelfrom } for  pid=28037 comm=cp name=fence_agents.rng.cache dev=dm-0 ino=51365 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file 
----
type=SYSCALL msg=audit(08/25/2011 15:44:57.320:26320) : arch=i386 syscall=fsetxattr success=no exit=-13(Permission denied) a0=4 a1=bfb1b000 a2=9a90bd0 a3=2b items=0 ppid=28002 pid=28037 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=cp exe=/bin/cp subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:57.320:26320) : avc:  denied  { relabelfrom } for  pid=28037 comm=cp name=fence_agents.rng.hash dev=dm-0 ino=51366 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file 
----
type=SYSCALL msg=audit(08/25/2011 15:44:57.320:26321) : arch=i386 syscall=fsetxattr success=no exit=-13(Permission denied) a0=4 a1=bfb1afc0 a2=9a90c70 a3=2b items=0 ppid=28002 pid=28037 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=cp exe=/bin/cp subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:57.320:26321) : avc:  denied  { relabelfrom } for  pid=28037 comm=cp name=resources.rng.cache dev=dm-0 ino=51367 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file 
----
type=SYSCALL msg=audit(08/25/2011 15:44:57.320:26322) : arch=i386 syscall=fsetxattr success=no exit=-13(Permission denied) a0=4 a1=bfb1af80 a2=9a90c70 a3=2b items=0 ppid=28002 pid=28037 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=cp exe=/bin/cp subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:57.320:26322) : avc:  denied  { relabelfrom } for  pid=28037 comm=cp name=resources.rng.hash dev=dm-0 ino=51368 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file 
----
type=SYSCALL msg=audit(08/25/2011 15:44:57.321:26323) : arch=i386 syscall=fsetxattr success=no exit=-13(Permission denied) a0=4 a1=bfb1af50 a2=9a90ad8 a3=2b items=0 ppid=28002 pid=28037 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=pts0 ses=11 comm=cp exe=/bin/cp subj=unconfined_u:system_r:corosync_t:s0 key=(null) 
type=AVC msg=audit(08/25/2011 15:44:57.321:26323) : avc:  denied  { relabelfrom } for  pid=28037 comm=cp name=rng_update.lock dev=dm-0 ino=51369 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file 
----

Expected results:
* no AVCs

Comment 1 Miroslav Grepl 2011-08-25 14:04:31 UTC

Milos,
 could you add to your tests

# echo "-w /etc/shadow -p wa" >> /etc/audit/audit.rules
# service auditd restart

then we will get full paths.

Comment 2 Miroslav Grepl 2011-08-25 14:06:34 UTC

Also please add AVC in permissive mode.

# chcon -t bin_t PATHO/$cluster_tool_directory/$tools

Comment 3 Milos Malik 2011-08-26 12:09:29 UTC

comment#1 advice applied:
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.529:212): item=0 name="fence_scsi_check.pl" inode=1184341 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:usr_t:s0
type=CWD msg=audit(1314360267.529:212):  cwd="/usr/share/cluster"
type=SYSCALL msg=audit(1314360267.529:212): arch=c000003e syscall=21 success=no exit=-13 a0=1ddab68 a1=1 a2=7fff0c26a6b0 a3=100 items=1 ppid=19844 pid=19845 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="find" exe="/bin/find" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.529:212): avc:  denied  { execute } for  pid=19845 comm="find" name="fence_scsi_check.pl" dev=dm-0 ino=1184341 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.529:213): item=0 name="SAPDatabase" inode=1184359 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:usr_t:s0
type=CWD msg=audit(1314360267.529:213):  cwd="/usr/share/cluster"
type=SYSCALL msg=audit(1314360267.529:213): arch=c000003e syscall=21 success=no exit=-13 a0=1ddb9c8 a1=1 a2=7fff0c26a6b0 a3=100 items=1 ppid=19844 pid=19845 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="find" exe="/bin/find" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.529:213): avc:  denied  { execute } for  pid=19845 comm="find" name="SAPDatabase" dev=dm-0 ino=1184359 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.529:214): item=0 name="checkquorum" inode=1184352 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:usr_t:s0
type=CWD msg=audit(1314360267.529:214):  cwd="/usr/share/cluster"
type=SYSCALL msg=audit(1314360267.529:214): arch=c000003e syscall=21 success=no exit=-13 a0=1ddc5e8 a1=1 a2=7fff0c26a6b0 a3=100 items=1 ppid=19844 pid=19845 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="find" exe="/bin/find" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.529:214): avc:  denied  { execute } for  pid=19845 comm="find" name="checkquorum" dev=dm-0 ino=1184352 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.529:215): item=0 name="SAPInstance" inode=1184360 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:usr_t:s0
type=CWD msg=audit(1314360267.529:215):  cwd="/usr/share/cluster"
type=SYSCALL msg=audit(1314360267.529:215): arch=c000003e syscall=21 success=no exit=-13 a0=1ddc828 a1=1 a2=7fff0c26a6b0 a3=100 items=1 ppid=19844 pid=19845 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="find" exe="/bin/find" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.529:215): avc:  denied  { execute } for  pid=19845 comm="find" name="SAPInstance" dev=dm-0 ino=1184360 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.564:216): item=0 name="/usr/sbin/fence_node" inode=1050123 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:fenced_exec_t:s0
type=CWD msg=audit(1314360267.564:216):  cwd="/"
type=SYSCALL msg=audit(1314360267.564:216): arch=c000003e syscall=4 success=no exit=-13 a0=7fffcc02cdf9 a1=887010 a2=887010 a3=1b items=1 ppid=19841 pid=19860 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="ls" exe="/bin/ls" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.564:216): avc:  denied  { getattr } for  pid=19860 comm="ls" path="/usr/sbin/fence_node" dev=dm-0 ino=1050123 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:fenced_exec_t:s0 tclass=file
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.565:217): item=0 name="/usr/sbin/fence_tool" inode=1060160 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:fenced_exec_t:s0
type=CWD msg=audit(1314360267.565:217):  cwd="/"
type=SYSCALL msg=audit(1314360267.565:217): arch=c000003e syscall=4 success=no exit=-13 a0=7fffcc02ce95 a1=887490 a2=887490 a3=15 items=1 ppid=19841 pid=19860 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="ls" exe="/bin/ls" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.565:217): avc:  denied  { getattr } for  pid=19860 comm="ls" path="/usr/sbin/fence_tool" dev=dm-0 ino=1060160 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:fenced_exec_t:s0 tclass=file
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.614:218): item=0 name=(null) inode=2621702 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360267.614:218): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff47110d30 a2=e81470 a3=2b items=1 ppid=19841 pid=19874 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.614:218): avc:  denied  { relabelfrom } for  pid=19874 comm="cp" name="cluster.rng" dev=dm-0 ino=2621702 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.615:219): item=0 name=(null) inode=2621703 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360267.615:219): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff47110cf0 a2=e814f0 a3=2b items=1 ppid=19841 pid=19874 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.615:219): avc:  denied  { relabelfrom } for  pid=19874 comm="cp" name="fence_agents.rng.cache" dev=dm-0 ino=2621703 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.615:220): item=0 name=(null) inode=2621704 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360267.615:220): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff47110cb0 a2=e78490 a3=2b items=1 ppid=19841 pid=19874 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.615:220): avc:  denied  { relabelfrom } for  pid=19874 comm="cp" name="fence_agents.rng.hash" dev=dm-0 ino=2621704 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.616:221): item=0 name=(null) inode=2621705 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360267.616:221): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff47110c70 a2=e78520 a3=2b items=1 ppid=19841 pid=19874 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.616:221): avc:  denied  { relabelfrom } for  pid=19874 comm="cp" name="resources.rng.cache" dev=dm-0 ino=2621705 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.616:222): item=0 name=(null) inode=2621706 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360267.616:222): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff47110c30 a2=e785d0 a3=2b items=1 ppid=19841 pid=19874 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.616:222): avc:  denied  { relabelfrom } for  pid=19874 comm="cp" name="resources.rng.hash" dev=dm-0 ino=2621706 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:04:27 2011
type=PATH msg=audit(1314360267.616:223): item=0 name=(null) inode=2621707 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360267.616:223): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff47110c00 a2=e78680 a3=2b items=1 ppid=19841 pid=19874 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360267.616:223): avc:  denied  { relabelfrom } for  pid=19874 comm="cp" name="rng_update.lock" dev=dm-0 ino=2621707 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.449:225): item=0 name="SAPDatabase" inode=1184359 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:usr_t:s0
type=CWD msg=audit(1314360321.449:225):  cwd="/usr/share/cluster"
type=SYSCALL msg=audit(1314360321.449:225): arch=c000003e syscall=21 success=no exit=-13 a0=1b0f9c8 a1=1 a2=7fff0a4eb670 a3=100 items=1 ppid=20750 pid=20751 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="find" exe="/bin/find" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.449:225): avc:  denied  { execute } for  pid=20751 comm="find" name="SAPDatabase" dev=dm-0 ino=1184359 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.449:226): item=0 name="checkquorum" inode=1184352 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:usr_t:s0
type=CWD msg=audit(1314360321.449:226):  cwd="/usr/share/cluster"
type=SYSCALL msg=audit(1314360321.449:226): arch=c000003e syscall=21 success=no exit=-13 a0=1b105e8 a1=1 a2=7fff0a4eb670 a3=100 items=1 ppid=20750 pid=20751 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="find" exe="/bin/find" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.449:226): avc:  denied  { execute } for  pid=20751 comm="find" name="checkquorum" dev=dm-0 ino=1184352 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.450:227): item=0 name="SAPInstance" inode=1184360 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:usr_t:s0
type=CWD msg=audit(1314360321.450:227):  cwd="/usr/share/cluster"
type=SYSCALL msg=audit(1314360321.450:227): arch=c000003e syscall=21 success=no exit=-13 a0=1b10828 a1=1 a2=7fff0a4eb670 a3=100 items=1 ppid=20750 pid=20751 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="find" exe="/bin/find" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.450:227): avc:  denied  { execute } for  pid=20751 comm="find" name="SAPInstance" dev=dm-0 ino=1184360 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.484:228): item=0 name="/usr/sbin/fence_node" inode=1050123 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:fenced_exec_t:s0
type=CWD msg=audit(1314360321.484:228):  cwd="/"
type=SYSCALL msg=audit(1314360321.484:228): arch=c000003e syscall=4 success=no exit=-13 a0=7fff3374fdf9 a1=cec010 a2=cec010 a3=1b items=1 ppid=20747 pid=20766 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="ls" exe="/bin/ls" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.484:228): avc:  denied  { getattr } for  pid=20766 comm="ls" path="/usr/sbin/fence_node" dev=dm-0 ino=1050123 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:fenced_exec_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.485:229): item=0 name="/usr/sbin/fence_tool" inode=1060160 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:fenced_exec_t:s0
type=CWD msg=audit(1314360321.485:229):  cwd="/"
type=SYSCALL msg=audit(1314360321.485:229): arch=c000003e syscall=4 success=no exit=-13 a0=7fff3374fe95 a1=cec490 a2=cec490 a3=15 items=1 ppid=20747 pid=20766 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="ls" exe="/bin/ls" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.485:229): avc:  denied  { getattr } for  pid=20766 comm="ls" path="/usr/sbin/fence_tool" dev=dm-0 ino=1060160 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:fenced_exec_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.535:230): item=0 name=(null) inode=2621715 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360321.535:230): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff52d33c70 a2=20f1470 a3=2b items=1 ppid=20747 pid=20780 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.535:230): avc:  denied  { relabelfrom } for  pid=20780 comm="cp" name="cluster.rng" dev=dm-0 ino=2621715 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.535:231): item=0 name=(null) inode=2621716 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360321.535:231): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff52d33c30 a2=20f14f0 a3=2b items=1 ppid=20747 pid=20780 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.535:231): avc:  denied  { relabelfrom } for  pid=20780 comm="cp" name="fence_agents.rng.cache" dev=dm-0 ino=2621716 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.536:232): item=0 name=(null) inode=2621717 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360321.536:232): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff52d33bf0 a2=20e8490 a3=2b items=1 ppid=20747 pid=20780 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.536:232): avc:  denied  { relabelfrom } for  pid=20780 comm="cp" name="fence_agents.rng.hash" dev=dm-0 ino=2621717 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.536:233): item=0 name=(null) inode=2621718 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360321.536:233): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff52d33bb0 a2=20e8520 a3=2b items=1 ppid=20747 pid=20780 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.536:233): avc:  denied  { relabelfrom } for  pid=20780 comm="cp" name="resources.rng.cache" dev=dm-0 ino=2621718 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.537:234): item=0 name=(null) inode=2621719 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360321.537:234): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff52d33b70 a2=20e85d0 a3=2b items=1 ppid=20747 pid=20780 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.537:234): avc:  denied  { relabelfrom } for  pid=20780 comm="cp" name="resources.rng.hash" dev=dm-0 ino=2621719 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.538:235): item=0 name=(null) inode=2621720 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:corosync_tmp_t:s0
type=SYSCALL msg=audit(1314360321.538:235): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff52d33b40 a2=20e8680 a3=2b items=1 ppid=20747 pid=20780 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.538:235): avc:  denied  { relabelfrom } for  pid=20780 comm="cp" name="rng_update.lock" dev=dm-0 ino=2621720 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:corosync_tmp_t:s0 tclass=file
----
time->Fri Aug 26 08:05:21 2011
type=PATH msg=audit(1314360321.449:224): item=0 name="fence_scsi_check.pl" inode=1184341 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:usr_t:s0
type=CWD msg=audit(1314360321.449:224):  cwd="/usr/share/cluster"
type=SYSCALL msg=audit(1314360321.449:224): arch=c000003e syscall=21 success=no exit=-13 a0=1b0eb68 a1=1 a2=7fff0a4eb670 a3=100 items=1 ppid=20750 pid=20751 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="find" exe="/bin/find" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314360321.449:224): avc:  denied  { execute } for  pid=20751 comm="find" name="fence_scsi_check.pl" dev=dm-0 ino=1184341 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
----

Comment 4 Miroslav Grepl 2011-08-26 13:42:43 UTC

*** Bug 733656 has been marked as a duplicate of this bug. ***

Comment 5 Milos Malik 2011-08-26 14:49:14 UTC

Following module helped me to reduce the number of AVCs to 4:

module mypolicy 1.0;

require {
        type corosync_t;
        type corosync_tmp_t;
        type cluster_var_lib_t;
        type fenced_t;
        type fenced_exec_t;
        type var_run_t;
        class file { relabelfrom relabelto getattr open write ioctl };
}

#============= corosync_t ==============
allow corosync_t corosync_tmp_t:file relabelfrom;
allow corosync_t cluster_var_lib_t:file relabelto;
allow corosync_t fenced_exec_t:file getattr;

#============= fenced_t ==============
allow fenced_t var_run_t:file { open write getattr ioctl };

Those 4 AVCs are of this kind:
----
time->Fri Aug 26 10:35:03 2011
type=SYSCALL msg=audit(1314369303.694:1621): arch=40000003 syscall=33 success=no exit=-13 a0=9eb889c a1=1 a2=bfed07d4 a3=ffffff9c items=0 ppid=21149 pid=21150 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="find" exe="/bin/find" subj=unconfined_u:system_r:corosync_t:s0 key=(null)
type=AVC msg=audit(1314369303.694:1621): avc:  denied  { execute } for  pid=21150 comm="find" name="SAPDatabase" dev=dm-0 ino=1182604 scontext=unconfined_u:system_r:corosync_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
----

Once I change context of following files to bin_t the number of AVCs immediately goes to hundreds:
/usr/share/cluster/SAPDatabase
/usr/share/cluster/SAPInstance
/usr/share/cluster/fence_scsi_check.pl
/usr/share/cluster/checkquorum

Comment 6 Miroslav Grepl 2011-08-31 10:54:06 UTC

Could you try to execute

# chcon -t bin_t /usr/share/cluster/SAPDatabase /usr/share/cluster/SAPInstance /usr/share/cluster/checkquorum /usr/share/cluster/fence_scsi_check.pl


and remove

allow fenced_t var_run_t:file { open write getattr ioctl };
 
from your local policy. I would like to see AVC msgs.

Comment 8 Miroslav Grepl 2011-08-31 19:59:39 UTC

Fixed in selinux-policy-3.7.19-109.el6

Comment 10 Fabio Massimo Di Nitto 2011-09-06 12:14:36 UTC

*** Bug 733513 has been marked as a duplicate of this bug. ***

Comment 14 Nate Straz 2011-10-13 15:13:16 UTC

I'm still hitting AVCs with selinux-policy-3.7.19-115.el6 when starting cman.

type=AVC msg=audit(1318517874.571:65821): avc:  denied  { relabelto } for  pid=17606 comm="cp" name="cluster.rng" dev=dm-0 ino=1831438 scontext=system_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:cluster_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1318517874.571:65821): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff748ddb60 a2=1f08470 a3=2b items=1 ppid=17575 pid=17606 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cp" exe="/bin/cp" subj=system_u:system_r:corosync_t:s0 key=(null)
type=PATH msg=audit(1318517874.571:65821): item=0 name=(null) inode=1831438 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:corosync_tmp_t:s0
type=AVC msg=audit(1318517874.573:65822): avc:  denied  { relabelto } for  pid=17606 comm="cp" name="fence_agents.rng.cache" dev=dm-0 ino=1831439 scontext=system_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:cluster_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1318517874.573:65822): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff748ddb20 a2=1f084f0 a3=2b items=1 ppid=17575 pid=17606 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cp" exe="/bin/cp" subj=system_u:system_r:corosync_t:s0 key=(null)
type=PATH msg=audit(1318517874.573:65822): item=0 name=(null) inode=1831439 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:corosync_tmp_t:s0
type=AVC msg=audit(1318517874.574:65823): avc:  denied  { relabelto } for  pid=17606 comm="cp" name="fence_agents.rng.hash" dev=dm-0 ino=1831440 scontext=system_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:cluster_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1318517874.574:65823): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff748ddae0 a2=1eff490 a3=2b items=1 ppid=17575 pid=17606 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cp" exe="/bin/cp" subj=system_u:system_r:corosync_t:s0 key=(null)
type=PATH msg=audit(1318517874.574:65823): item=0 name=(null) inode=1831440 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:corosync_tmp_t:s0
type=AVC msg=audit(1318517874.584:65824): avc:  denied  { relabelto } for  pid=17606 comm="cp" name="resources.rng.cache" dev=dm-0 ino=1831441 scontext=system_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:cluster_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1318517874.584:65824): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff748ddaa0 a2=1eff520 a3=2b items=1 ppid=17575 pid=17606 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cp" exe="/bin/cp" subj=system_u:system_r:corosync_t:s0 key=(null)
type=PATH msg=audit(1318517874.584:65824): item=0 name=(null) inode=1831441 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:corosync_tmp_t:s0
type=AVC msg=audit(1318517874.584:65825): avc:  denied  { relabelto } for  pid=17606 comm="cp" name="resources.rng.hash" dev=dm-0 ino=1831442 scontext=system_u:system_r:corosync_t:s0 tcontext=unconfined_u:object_r:cluster_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1318517874.584:65825): arch=c000003e syscall=190 success=no exit=-13 a0=4 a1=7fff748dda60 a2=1eff5d0 a3=2b items=1 ppid=17575 pid=17606 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cp" exe="/bin/cp" subj=system_u:system_r:corosync_t:s0 key=(null)

Comment 15 Miroslav Grepl 2011-10-13 15:19:38 UTC

Does cman start correctly? These are looks like constraints.

Comment 16 Nate Straz 2011-10-13 15:27:06 UTC

It does start correctly, as far as I can tell.  I'm not sure what the purpose of these file are.  Including development.

Comment 17 Fabio Massimo Di Nitto 2011-10-13 15:45:46 UTC

those files are created/used by ccs_update_schema.

ccs_update_schema uses a tempdir in /tmp/random.XXXX and then cp/mv those files to /var/lib/cluster/ and takes some backup of the previously installed files in /var/lib/cluster.

it can be called manually, via ccs_config_validate, via cman_tool and via init script.

Comment 19 Milos Malik 2011-10-14 06:54:59 UTC

Few days ago I have reported a special bug concerning "relabelto" operation:
 * https://bugzilla.redhat.com/show_bug.cgi?id=744689

I would recommend to close this bug as VERIFIED and focus on bz#744689. What do you think?

Comment 20 Miroslav Grepl 2011-10-14 08:45:54 UTC

I am finally able to reproduce it and I have a fix.

Comment 21 Nate Straz 2011-10-14 13:18:29 UTC

(In reply to comment #19)
> Few days ago I have reported a special bug concerning "relabelto" operation:
>  * https://bugzilla.redhat.com/show_bug.cgi?id=744689
> 
> I would recommend to close this bug as VERIFIED and focus on bz#744689. What do
> you think?

Sounds good, moving back to VERIFIED.

Milos, can you please cc: mspqa-list on any cluster related bugs?

Comment 22 errata-xmlrpc 2011-12-06 10:13:31 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1511.html