Bug 847336
| Summary: | systemd-tmpfiles fails to create directories under /var/lock (aka /run/lock) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | John W. Linville <linville> |
| Component: | systemd | Assignee: | systemd-maint |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 17 | CC: | johannbg, lnykryn, metherid, mschmidt, msekleta, notting, plautrba, systemd-maint, vpavlin |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-08-14 17:08:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
John W. Linville
2012-08-10 15:19:29 UTC
> 'grep lock /var/log/audit/audit.log | grep -v success' gives no output, so I
> don't think this is an SElinux issue.
John,
I'm not sure this command can definitely rule SELinux out. Could you confirm that by booting with "enforcing=0" on the kernel command line?
OK, that does seem to let the systemd-tmpfiles service succeed. I have no idea why the previous failures showed no trace in the audit.log...? I thought my days of disabling SElinux were over... So, how to fix this without disabling SElinux? The denials may occur before auditd starts. In that case you'd find them in dmesg. This is how the relevant files are labeled on my system. Please compare with yours: $ ls -Zd /var /var/lock /run /run/lock /usr/bin/systemd-tmpfiles drwxr-xr-x. root root system_u:object_r:var_run_t:s0 /run drwxr-xr-x. root root system_u:object_r:var_lock_t:s0 /run/lock -rwxr-xr-x. root root system_u:object_r:systemd_tmpfiles_exec_t:s0 /usr/bin/systemd-tmpfiles drwxr-xr-x. root root system_u:object_r:var_t:s0 /var lrwxrwxrwx. root root system_u:object_r:var_lock_t:s0 /var/lock -> ../run/lock Label on /var/lock is different... $ ls -Zd /var /var/lock /run /run/lock /usr/bin/systemd-tmpfiles drwxr-xr-x. root root system_u:object_r:var_run_t:s0 /run drwxr-xr-x. root root system_u:object_r:var_lock_t:s0 /run/lock -rwxr-xr-x. root root system_u:object_r:systemd_tmpfiles_exec_t:s0 /usr/bin/systemd-tmpfiles drwxr-xr-x. root root system_u:object_r:var_t:s0 /var lrwxrwxrwx. root root system_u:object_r:var_t:s0 /var/lock -> ../run/lock Does "restorecon -v /var/lock" fix the label and the problem? Michal, sorry for the late reply -- I didn't want to reboot during the day yesterday... Yes, the relabel of that link does the trick. I have no idea how it got mislabeled or whatnot. Anyway, thanks. |