Bug 1099040 - Neutron is unable to create directory in /tmp
Summary: Neutron is unable to create directory in /tmp
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-selinux
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 5.0 (RHEL 6)
Assignee: Solly Ross
QA Contact: Ami Jeain
URL:
Whiteboard:
Depends On: 1098524 1099042 1099044
Blocks:
Reported: 2014-05-19 11:03 UTC by Ihar Hrachyshka
Modified: 2016-04-27 04:34 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1098524
Environment:
Last Closed: 2014-06-12 18:49:24 UTC
Target Upstream Version:
Embargoed:



Comment 2 Ryan Hallisey 2014-06-04 14:52:06 UTC
Can you duplicate this in permissive and attach your 
/var/log/audit/audit.log file?

There may be more denials than this, and permissive should catch them all.

Comment 3 Ihar Hrachyshka 2014-06-04 15:16:09 UTC
I'm not the one who originally reported the bug (it's just cloned here by me).

Comment 4 Ryan Hallisey 2014-06-04 17:10:23 UTC
Given the current avc, here is the fix:

allow neutron_t tmp_t:dir create;

Add to SELinux policy for RHEL 6.6.

What do you think mgrepl?

Comment 5 Miroslav Grepl 2014-06-06 12:26:57 UTC
No. We have


manage_files_pattern(neutron_t, neutron_tmp_t, neutron_tmp_t)
manage_dirs_pattern(neutron_t, neutron_tmp_t, neutron_tmp_t)
files_tmp_filetrans(neutron_t, neutron_tmp_t, { file dir })

rules which cover it.

Comment 6 Lon Hohberger 2014-06-12 18:49:24 UTC
This is the RHEL6 clone which should be covered by existing policy - so closing.
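
Added example (not part of the bug report or of openstack-selinux): a small Python parser that collapses the AVC denials in an audit.log captured in permissive mode, as requested in comment 2, into one candidate rule per source type, target type and class, in the form comment 4 used. The log records are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (not taken from the bug).
SAMPLE_LOG = """\
type=AVC msg=audit(1401893526.101:411): avc:  denied  { create } for  pid=2101 comm="neutron-server" name="tmpA1" scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1401893526.101:411): arch=c000003e syscall=83 success=yes exit=0 comm="neutron-server"
type=AVC msg=audit(1401893526.205:412): avc:  denied  { add_name write } for  pid=2101 comm="neutron-server" name="tmpA1" scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1401893527.001:413): avc:  denied  { create } for  pid=2101 comm="neutron-server" name="tmpB2" scontext=system_u:system_r:neutron_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1401893527.300:414): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Only "denied" records are of interest; "granted" records are skipped.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Map (source type, target type, class) to the set of denied permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL, PATH and other record types carry no AVC data
        m = AVC_RE.search(line)
        if m is None:
            continue
        key = (context_type(m["s"]), context_type(m["t"]), m["cls"])
        grouped[key].update(m["perms"].split())
    return dict(grouped)

def as_allow_rules(grouped):
    """Render each group as a candidate rule for review, one per line."""
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules

if __name__ == "__main__":
    print("\n".join(as_allow_rules(summarize_denials(SAMPLE_LOG))))
```

The output is a list of candidates to review against existing policy, not rules to load as-is; comment 5 rejects exactly such a candidate because the `neutron_tmp_t` rules already cover the access.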

