Created attachment 805303
Excerpt from audit.log after setting setenforce 0, starting htcondor and calling a few commands

Description of problem:
Using the latest version of condor for F19 (condor-8.1.1-0.2.fc19.x86_64, but also using 8.1.0-0.2), htcondor daemons can't access the configuration directory (by default /etc/condor).
It seems that /etc/condor is now labeled as condor_etc_rw_t, but the daemons can't access it.

The error can be reproduced just by starting condor.
condor_status returns an error:
    CEDAR:6001:Failed to connect to <x.y.z.t:9618>
while condor_status -direct $HOSTNAME works. condor_q works too.

After setting 'setenforce 0' I can see all the errors from the pre-defined daemons (master, collector, negotiator, schedd), and audit2allow suggests:

    #============= condor_collector_t ==============
    allow condor_collector_t condor_etc_rw_t:dir read;

    #============= condor_master_t ==============
    allow condor_master_t condor_etc_rw_t:dir read;

    #============= condor_negotiator_t ==============
    allow condor_negotiator_t condor_etc_rw_t:dir read;

    #============= condor_schedd_t ==============
    allow condor_schedd_t condor_etc_rw_t:dir read;

Most probably all the other htcondor daemons which have a specific context (schedd, kbdd?) should get a rule for this as well.

# condor_version
$CondorVersion: 8.1.1 Sep 25 2013 BuildID: RH-8.1.1-0.2.fc19 $
$CondorPlatform: X86_64-Fedora_19 $
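How the per-domain suggestion quoted in the report above follows from AVC denial records, as an added example that is not part of the original report nor the code of audit2allow or selinux-policy. The log lines are constructed (timestamps, pids, device and inode values are placeholders), and the helper names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed records in audit.log format; not the contents of the bug's attachment.
SAMPLE_LOG = """\
type=AVC msg=audit(1380100000.101:201): avc:  denied  { read } for  pid=1001 comm="condor_master" name="condor" dev="dm-1" ino=4001 scontext=system_u:system_r:condor_master_t:s0 tcontext=system_u:object_r:condor_etc_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1380100000.101:201): arch=c000003e syscall=2 success=yes exit=3 comm="condor_master" subj=system_u:system_r:condor_master_t:s0
type=AVC msg=audit(1380100001.202:202): avc:  denied  { read } for  pid=1002 comm="condor_collector" name="condor" dev="dm-1" ino=4001 scontext=system_u:system_r:condor_collector_t:s0 tcontext=system_u:object_r:condor_etc_rw_t:s0 tclass=dir
type=AVC msg=audit(1380100002.303:203): avc:  denied  { read } for  pid=1003 comm="condor_negotiator" name="condor" dev="dm-1" ino=4001 scontext=system_u:system_r:condor_negotiator_t:s0 tcontext=system_u:object_r:condor_etc_rw_t:s0 tclass=dir
type=AVC msg=audit(1380100003.404:204): avc:  denied  { read } for  pid=1004 comm="condor_schedd" name="condor" dev="dm-1" ino=4001 scontext=system_u:system_r:condor_schedd_t:s0 tcontext=system_u:object_r:condor_etc_rw_t:s0 tclass=dir
type=AVC msg=audit(1380100004.505:205): avc:  denied  { read } for  pid=1001 comm="condor_master" name="condor" dev="dm-1" ino=4001 scontext=system_u:system_r:condor_master_t:s0 tcontext=system_u:object_r:condor_etc_rw_t:s0 tclass=dir
"""

# Permissions inside { ... }, then source context, target context, object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def type_of(context):
    # An SELinux context is user:role:type:level; the type is the third field.
    return context.split(":")[2]

def denials_by_domain(log_text):
    """Map source domain -> {(target type, class): set of denied permissions}."""
    out = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        if "type=AVC" not in line:
            continue  # SYSCALL and other record types carry no denial tuple
        m = AVC_RE.search(line)
        if m:  # repeated denials collapse into one set entry
            out[type_of(m["s"])][(type_of(m["t"]), m["cls"])].update(m["perms"].split())
    return out

def render_rules(denials):
    """Render one section per source domain, in the layout quoted in the report."""
    lines = []
    for domain in sorted(denials):
        lines.append(f"#============= {domain} ==============")
        for (ttype, cls), perms in sorted(denials[domain].items()):
            p = sorted(perms)
            perm_txt = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
            lines.append(f"allow {domain} {ttype}:{cls} {perm_txt};")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_rules(denials_by_domain(SAMPLE_LOG)))
```

Grouping by source domain makes it visible that every confined condor daemon hits the same missing permission on the same target type, which is why the fix belongs in the shared policy rather than in a local module per daemon.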
c057891eda1df81b566e375c46c62d711cfa3c8e fixes this in git.
backported.
selinux-policy-3.12.1-74.9.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.9.fc19
Package selinux-policy-3.12.1-74.9.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.9.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-18701/selinux-policy-3.12.1-74.9.fc19
then log in and leave karma (feedback).
selinux-policy-3.12.1-74.9.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.