Description of problem:
As root, I mounted a gluster partition (mount -t glusterfs localhost:/vol) and tried to create a FIFO (mkfifo fifo). I'm not expecting it to succeed, but gluster should be clamping down on the attempt earlier on without relying on an AVC from SELinux as the last resort.

SELinux is preventing /usr/sbin/glusterfsd from 'create' accesses on the fifo_file fifo.

***** Plugin file (47.5 confidence) suggests *******************************

If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot

***** Plugin file (47.5 confidence) suggests *******************************

If you think this is caused by a badly mislabeled machine.
Then you need to fully relabel.
Do
touch /.autorelabel; reboot

***** Plugin catchall (6.38 confidence) suggests ***************************

If you believe that glusterfsd should be allowed create access on the fifo fifo_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep glusterfsd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:glusterd_t:s0
Target Context                system_u:object_r:file_t:s0
Target Objects                fifo [ fifo_file ]
Source                        glusterfsd
Source Path                   /usr/sbin/glusterfsd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           glusterfs-3.4.1-1.fc19.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-74.13.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.10.7-200.fc19.x86_64 #1 SMP Thu Aug 15 23:19:45 UTC 2013 x86_64 x86_64
Alert Count                   2
First Seen                    2013-11-25 13:36:35 MST
Last Seen                     2013-11-25 13:37:32 MST
Local ID                      304adb6b-7fbb-4405-9293-f5ac8737a632

Raw Audit Messages
type=AVC msg=audit(1385411852.9:5292): avc: denied { create } for pid=32419 comm="glusterfsd" name="fifo" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file

type=SYSCALL msg=audit(1385411852.9:5292): arch=x86_64 syscall=mknod success=no exit=EACCES a0=7f3d060a6b10 a1=11a4 a2=0 a3=2 items=0 ppid=1 pid=32419 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=glusterfsd exe=/usr/sbin/glusterfsd subj=system_u:system_r:glusterd_t:s0 key=(null)

Hash: glusterfsd,glusterd_t,file_t,fifo_file,create

Additional info:
reporter: libreport-2.1.9
hashmarkername: setroubleshoot
kernel: 3.10.7-200.fc19.x86_64
type: libreport
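The following is an added triage example, not part of the original report and not setroubleshoot or Gluster code. It correlates the two raw audit records above by event ID and decodes the mknod mode argument (a1=11a4), confirming that the denied request was a FIFO with mode 0644; the function names are this example's own.

```python
import re
import stat

# The two records of audit event 5292, copied from the report above.
AVC = ('type=AVC msg=audit(1385411852.9:5292): avc: denied { create } for '
       'pid=32419 comm="glusterfsd" name="fifo" '
       'scontext=system_u:system_r:glusterd_t:s0 '
       'tcontext=system_u:object_r:file_t:s0 tclass=fifo_file')
SYSCALL = ('type=SYSCALL msg=audit(1385411852.9:5292): arch=x86_64 syscall=mknod '
           'success=no exit=EACCES a0=7f3d060a6b10 a1=11a4 a2=0 a3=2 items=0 '
           'ppid=1 pid=32419 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 '
           'egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=glusterfsd '
           'exe=/usr/sbin/glusterfsd subj=system_u:system_r:glusterd_t:s0 key=(null)')

def parse_record(record):
    """Split one audit record into a dict of its key=value fields."""
    fields = {k: v.strip('"')
              for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}
    # timestamp:serial identifies the event; all its records share it
    fields["event"] = re.search(r"audit\(([\d.]+:\d+)\)", record).group(1)
    perms = re.search(r"\{([^}]*)\}", record)  # permission set of an AVC record
    fields["perms"] = perms.group(1).split() if perms else []
    return fields

def triage(avc_line, syscall_line):
    """Correlate an AVC denial with its SYSCALL record and decode mknod's mode."""
    avc, sc = parse_record(avc_line), parse_record(syscall_line)
    if avc["event"] != sc["event"]:
        raise ValueError("records belong to different audit events")
    result = {
        "source_type": avc["scontext"].split(":")[2],  # user:role:type:level
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"],
        "perms": avc["perms"],
        "syscall": sc["syscall"],
        "exit": sc["exit"],
    }
    if sc["syscall"] == "mknod":
        mode = int(sc["a1"], 16)  # audit logs syscall arguments in hex
        result["requested"] = stat.filemode(mode)
        result["is_fifo"] = stat.S_ISFIFO(mode)
    return result

if __name__ == "__main__":
    for key, value in triage(AVC, SYSCALL).items():
        print(f"{key}: {value}")
```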
Assigning to gluster, as I think SELinux was right to prevent this, but gluster shouldn't be causing an AVC in the first place (how is a FIFO supposed to work in a distributed file system?).
GlusterFS 3.7.0 has been released (http://www.gluster.org/pipermail/gluster-users/2015-May/021901.html), and the Gluster project maintains N-2 supported releases. The last two releases before 3.7 are still maintained, at the moment these are 3.6 and 3.5. This bug has been filed against the 3.4 release, and will not get fixed in a 3.4 version any more. Please verify if newer versions are affected with the reported problem. If that is the case, update the bug with a note, and update the version if you can. In case updating the version is not possible, leave a comment in this bug report with the version you tested, and set the "Need additional information the selected bugs from" below the comment box to "bugs". If there is no response by the end of the month, this bug will get automatically closed.
GlusterFS 3.4.x has reached end-of-life.

If this bug still exists in a later release please reopen this and change the version or open a new bug.