| Summary: | matahari generates avcs and doesn't work properly |
|---|---|
| Product: | [Fedora] Fedora |
| Component: | selinux-policy |
| Version: | 16 |
| Status: | CLOSED ERRATA |
| Severity: | unspecified |
| Priority: | unspecified |
| Hardware: | Unspecified |
| OS: | Unspecified |
| Reporter: | Steven Dake <sdake> |
| Assignee: | Miroslav Grepl <mgrepl> |
| QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| CC: | asalkeld, dominick.grift, dwalsh, mgrepl, rbryant |
| Fixed In Version: | selinux-policy-3.10.0-55.fc16 |
| Doc Type: | Bug Fix |
| Last Closed: | 2011-11-10 17:30:16 UTC |

Created attachment 530573 [details]
audit log matahari no worky

The problem seems to be that you have an unlabeled file system. file_t means a file does not have a label. You need to put labels on this disk with restorecon, which should fix the problem, or relabel the entire machine with

touch /.autorelabel; reboot

Rest of the AVCs that were real will be fixed in selinux-policy-3.10.0-53.fc16

Dan,

Thanks for looking into this. The unlabeled filesystem must occur perhaps because oz turns off selinux while it is working and then turns it back on. While it's off, I do a yum update operation. I have attached a relabeled filesystem audit log. Looks like some syscalls are being rejected, but it's hard for me to tell.

Regards
-steve

Created attachment 530701 [details]
relabled filesystem audit log
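
Added example (not part of the original bug report): a small Python triage of AVC denials along the lines of the diagnosis above, separating denials whose target is unlabeled (file_t) from denials that would need a policy fix. The sample audit lines, including the domain and file names in them, are constructed, and treating unlabeled_t the same as file_t is an addition made here.

```python
import re
from collections import Counter

# file_t is the type named in the report; unlabeled_t is included here as an
# addition, since it also marks objects without a valid label.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Constructed sample audit.log lines (not taken from the attachments).
SAMPLE_LOG = """\
type=AVC msg=audit(1320000000.101:41): avc:  denied  { read } for  pid=901 comm="matahari-hostd" name="example.conf" dev=vda2 ino=1201 scontext=system_u:system_r:matahari_hostd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=SYSCALL msg=audit(1320000000.101:41): arch=c000003e syscall=2 success=no exit=-13 comm="matahari-hostd"
type=AVC msg=audit(1320000000.250:42): avc:  denied  { getattr } for  pid=902 comm="matahari-servic" name="example.d" dev=vda2 ino=1300 scontext=system_u:system_r:matahari_serviced_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1320000001.007:43): avc:  denied  { execute } for  pid=903 comm="matahari-servic" name="example-helper" dev=vda2 ino=1422 scontext=system_u:system_r:matahari_serviced_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
"""

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def triage(log_text):
    """Split AVC denials into (labeling, policy) lists of dicts."""
    labeling, policy = [], []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no contexts
        rec = {
            "perms": m["perms"].split(),
            "source": selinux_type(m["scontext"]),
            "target": selinux_type(m["tcontext"]),
            "tclass": m["tclass"],
        }
        (labeling if rec["target"] in UNLABELED_TYPES else policy).append(rec)
    return labeling, policy

def summarize(records):
    """Count denials per (source type, target type, class)."""
    return Counter((r["source"], r["target"], r["tclass"]) for r in records)

if __name__ == "__main__":
    labeling, policy = triage(SAMPLE_LOG)
    print("fix with restorecon / relabel:", dict(summarize(labeling)))
    print("needs a policy change:", dict(summarize(policy)))
```

Denials in the first group should disappear after a relabel; whatever remains in the second group is what belongs in a selinux-policy bug.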

All the fixes for matahari that I have seen will be in selinux-policy-3.10.0-53.fc16

selinux-policy-3.10.0-54.fc16 does not work with Matahari. I have attached the audit log.

Thanks
-steve

Created attachment 532082 [details]
matahari running selinux -54 returns these audit problems

selinux-policy-3.10.0-55.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-55.fc16

selinux-policy-3.10.0-55.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

Description of problem:
Using pacemaker cloud to communicate with Matahari, Matahari appears nonoperational. This looks like a regression - it was working previously.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.10.0-52.fc16.noarch
libselinux-2.1.6-4.fc16.x86_64
selinux-policy-doc-3.10.0-52.fc16.noarch
libselinux-utils-2.1.6-4.fc16.x86_64
selinux-policy-3.10.0-52.fc16.noarch
matahari-lib-0.4.7-0.1.94a4de1.git.fc16.x86_64
matahari-core-0.4.7-0.1.94a4de1.git.fc16.x86_64
matahari-agent-lib-0.4.7-0.1.94a4de1.git.fc16.x86_64
matahari-host-0.4.7-0.1.94a4de1.git.fc16.x86_64
matahari-service-0.4.7-0.1.94a4de1.git.fc16.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Create a full deployable and launch it via pacemaker cloud.
2. pcloudsh prints the errors:
   Event: {'reason': 'insufficient privliges', 'assembly': 'assy3-F16', 'state': 'failed', 'service': 'httpd', 'deployable': 'dep1-F16'}
3. There are audit errors in the audit file which are attached.

Actual results:
pacemaker cloud doesn't work with selinux in guest vms because matahari is non-functional.

Expected results:
matahari should work without audit errors.

Additional info: