Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1108448

Summary: selinux alerts starting glusterd in f20
Product: [Community] GlusterFS Reporter: Joe Julian <joe>
Component: unclassifiedAssignee: bugs <bugs>
Status: CLOSED EOL QA Contact: Prasanth <pprakash>
Severity: high Docs Contact:
Priority: medium    
Version: 3.5.0CC: amukherj, bugs, juanjose.garciaripoll, kwade, lmohanty
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-17 15:56:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1115091    

Description Joe Julian 2014-06-12 04:53:56 UTC 
Description of problem:
SELinux fails to allow glusterd to start

Version-Release number of selected component (if applicable):
glusterfs-server-3.5.0-3.fc20.x86_64
selinux-policy-3.12.1-166.fc20.noarch
selinux-policy-targeted-3.12.1-166.fc20.noarch

How reproducible:
always

Steps to Reproduce:
1. Install Fedora 20 with default partition scheme
2. yum install glusterfs-server
3. systemctl start glusterd

Actual results:
type=AVC msg=audit(1402545196.130:1286): avc:  denied  { write } for  pid=7687 comm="glusterd" name="glusterd.socket" dev="tmpfs" ino=10087511 scontext=system_u:system_r:glusterd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1402545196.130:1287): avc:  denied  { unlink } for  pid=7687 comm="glusterd" name="glusterd.socket" dev="tmpfs" ino=10087511 scontext=system_u:system_r:glusterd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file


Expected results:
no denials

Additional info:
F20 mounts a tmpfs on /run and /var/run is symlinked to it

tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
Comment 1 Kaleb KEITHLEY 2014-10-27 13:49:04 UTC 
*** Bug 1155935 has been marked as a duplicate of this bug. ***
Comment 2 Niels de Vos 2016-06-17 15:56:26 UTC 
This bug is getting closed because the 3.5 is marked End-Of-Life. There will be no further updates to this version. Please open a new bug against a version that still receives bugfixes if you are still facing this issue in a more current release.