Bug 1108448 - selinux alerts starting glusterd in f20
Summary: selinux alerts starting glusterd in f20
Keywords:
Status: CLOSED EOL
Alias: None
Product: GlusterFS
Classification: Community
Component: unclassified
Version: 3.5.0
Hardware: Unspecified
OS: Linux
medium
high
Target Milestone: ---
Assignee: bugs@gluster.org
QA Contact: Prasanth
URL:
Whiteboard:
: 1155935 (view as bug list)
Depends On:
Blocks: 1115091
TreeView+ depends on / blocked
 
Reported: 2014-06-12 04:53 UTC by Joe Julian
Modified: 2016-06-17 15:56 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-06-17 15:56:26 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1155935 0 unspecified CLOSED SELinux prevents glusterd from writing to socket_t file 2021-02-22 00:41:40 UTC

Internal Links: 1155935

Description Joe Julian 2014-06-12 04:53:56 UTC 
Description of problem:
SELinux fails to allow glusterd to start

Version-Release number of selected component (if applicable):
glusterfs-server-3.5.0-3.fc20.x86_64
selinux-policy-3.12.1-166.fc20.noarch
selinux-policy-targeted-3.12.1-166.fc20.noarch

How reproducible:
always

Steps to Reproduce:
1. Install Fedora 20 with default partition scheme
2. yum install glusterfs-server
3. systemctl start glusterd

Actual results:
type=AVC msg=audit(1402545196.130:1286): avc:  denied  { write } for  pid=7687 comm="glusterd" name="glusterd.socket" dev="tmpfs" ino=10087511 scontext=system_u:system_r:glusterd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1402545196.130:1287): avc:  denied  { unlink } for  pid=7687 comm="glusterd" name="glusterd.socket" dev="tmpfs" ino=10087511 scontext=system_u:system_r:glusterd_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file


Expected results:
no denials

Additional info:
F20 mounts a tmpfs on /run and /var/run is symlinked to it

tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
Comment 1 Kaleb KEITHLEY 2014-10-27 13:49:04 UTC 
*** Bug 1155935 has been marked as a duplicate of this bug. ***
Comment 2 Niels de Vos 2016-06-17 15:56:26 UTC 
This bug is getting closed because the 3.5 is marked End-Of-Life. There will be no further updates to this version. Please open a new bug against a version that still receives bugfixes if you are still facing this issue in a more current release.
Note You need to log in before you can comment on or make changes to this bug.