Bug 1122688 - Galera wsrep_sst_rsync selinux denials
Summary: Galera wsrep_sst_rsync selinux denials
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-selinux
Version: 5.0 (RHEL 7)
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: rc
: 5.0 (RHEL 7)
Assignee: Ryan Hallisey
QA Contact: Leonid Natapov
URL:
Whiteboard:
Depends On: 1118859
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-07-23 19:13 UTC by Scott Lewis
Modified: 2016-04-26 18:58 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, SELinux prevented wsrep_sst_script from performing an lsof command. SELinux also prevented MariaDB from using port 4444. As a result, Galera could not join a cluster. With this update, the wsrep_sst_script is now allowed to execute lsof and relabel port 4444 to mariadb_port_t, so that MariaDB can successfully join a cluster and the lsof command succeeds.
Clone Of: 1118859
Environment:
Last Closed: 2014-09-02 17:38:43 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1116 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory 2014-09-02 21:38:10 UTC

Comment 4 Lon Hohberger 2014-08-20 18:58:31 UTC 
Tests for this passed devel testing; the AVCs addressed are here:

https://github.com/redhat-openstack/openstack-selinux/blob/el7/tests/bz1118859
Comment 6 errata-xmlrpc 2014-09-02 17:38:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1116.html
Note You need to log in before you can comment on or make changes to this bug.