Bug 924843
Summary: | Various AVC denieds related to corosync policy for heartbeat | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Robert Scheck <redhat-bugzilla> | |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | |
Status: | CLOSED ERRATA | QA Contact: | Michal Trunecka <mtruneck> | |
Severity: | medium | Docs Contact: | ||
Priority: | high | |||
Version: | 6.4 | CC: | cphillip, dwalsh, ebenes, mgrepl, mmalik, mtruneck, robert.scheck | |
Target Milestone: | rc | |||
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | selinux-policy-3.7.19-208.el6 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1003783 (view as bug list) | Environment: | ||
Last Closed: | 2013-11-21 10:21:08 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 835616, 960054, 1003783 |
Description
Robert Scheck
2013-03-22 15:45:01 UTC
This is cross-referenced with Red Hat customer portal, case 00668208 Robert, does it only want to search these dirs? Miroslav, how do I figure out this best? This is the only AVC denieds as it seems at least. Suggestions how to track down? Try dontaudits, enforce and see and try if it is as expected? Unfortunately nearly all of the affected systems are productive... Probably the best is make a domain as permissive domains. # semanage permissive -a DOMAIN re-test # ausearch -m avc -ts recent # semanage permissive -d DOMAIN But actually no need in this case. I am adding fixes to Fedora and will back port them. I think it would be enough to make them dontaudit, because it seems to work fine how it is (enforced). Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1598.html |