Description of problem:
Setting up an ose env with vhost apache frontend, when creating or deleting apps, avc denied messages could be seen in /var/log/audit/audit.log. This issue wouldn't happen when using mod_rewrite.

Version-Release number of selected component (if applicable):
puddle 2.1.z/2014-08-27.1
libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
selinux-policy-mls-3.7.19-231.el6_5.3.noarch
selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
selinux-policy-3.7.19-231.el6_5.3.noarch
libselinux-python-2.0.94-5.3.el6_4.1.x86_64
libselinux-2.0.94-5.3.el6_4.1.x86_64
ruby193-ruby-selinux-2.0.94-3.el6op.x86_64
rubygem-openshift-origin-container-selinux-0.8.1.3-1.el6op.noarch

How reproducible:
Always

Steps to Reproduce:
1. Create an app, monitor /var/log/audit/audit.log
2. Delete the app, monitor /var/log/audit/audit.log

Actual results:
1.
[root@broker ~]# tailf /var/log/audit/audit.log |grep avc
type=AVC msg=audit(1409219937.686:1087): avc: denied { read } for pid=8007 comm="httpd" path="/tmp/systemu_broker.ose21z.example.com_4310_7989_0.9523721909265898_1/stdin" dev=dm-0 ino=208001 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:openshift_initrc_tmp_t:s0 tclass=file
type=AVC msg=audit(1409219937.754:1088): avc: denied { read } for pid=8008 comm="httpd" path="/tmp/systemu_broker.ose21z.example.com_4310_7989_0.9523721909265898_1/stdin" dev=dm-0 ino=208001 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:openshift_initrc_tmp_t:s0 tclass=file
type=AVC msg=audit(1409219937.754:1088): avc: denied { write } for pid=8008 comm="httpd" path="/tmp/systemu_broker.ose21z.example.com_4310_7989_0.9523721909265898_1/stdout" dev=dm-0 ino=208002 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:openshift_initrc_tmp_t:s0 tclass=file
type=AVC msg=audit(1409219937.754:1088): avc: denied { write } for pid=8008 comm="httpd" path="/tmp/systemu_broker.ose21z.example.com_4310_7989_0.9523721909265898_1/stderr" dev=dm-0 ino=208003 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:openshift_initrc_tmp_t:s0 tclass=file
...

2.
[root@broker ~]# tailf /var/log/audit/audit.log |grep avc
type=AVC msg=audit(1409220008.558:1160): avc: denied { read } for pid=9596 comm="httpd" path="/tmp/systemu_broker.ose21z.example.com_4310_9578_0.12597337462036662_1/stdin" dev=dm-0 ino=207999 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:openshift_initrc_tmp_t:s0 tclass=file
type=AVC msg=audit(1409220008.622:1161): avc: denied { read } for pid=9597 comm="httpd" path="/tmp/systemu_broker.ose21z.example.com_4310_9578_0.12597337462036662_1/stdin" dev=dm-0 ino=207999 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:openshift_initrc_tmp_t:s0 tclass=file
type=AVC msg=audit(1409220008.622:1161): avc: denied { write } for pid=9597 comm="httpd" path="/tmp/systemu_broker.ose21z.example.com_4310_9578_0.12597337462036662_1/stdout" dev=dm-0 ino=208014 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:openshift_initrc_tmp_t:s0 tclass=file
...

Expected results:
There should be no avc denial.

Additional info:

*** This bug has been marked as a duplicate of bug 1135617 ***
I think bug 1135617 should be marked as a dup of this bug, not this bug as a dup of bug 1135617. So I closed this bug as "CURRENTRELEASE".
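
The AVC records in the description can be collapsed into one row per source type, target type, object class and command, which makes it easier to see that every denial in the excerpt is the same httpd_t to openshift_initrc_tmp_t access. This is an added triage example, not part of the original report or of OpenShift's tooling; the function names are made up for the example, and the sample records are copied from the report.

```python
import re
from collections import defaultdict

# Three records copied verbatim from the report's audit.log excerpt.
SAMPLE = [
    'type=AVC msg=audit(1409219937.686:1087): avc: denied { read } for pid=8007 comm="httpd" path="/tmp/systemu_broker.ose21z.example.com_4310_7989_0.9523721909265898_1/stdin" dev=dm-0 ino=208001 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:openshift_initrc_tmp_t:s0 tclass=file',
    'type=AVC msg=audit(1409219937.754:1088): avc: denied { write } for pid=8008 comm="httpd" path="/tmp/systemu_broker.ose21z.example.com_4310_7989_0.9523721909265898_1/stdout" dev=dm-0 ino=208002 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:openshift_initrc_tmp_t:s0 tclass=file',
    'type=AVC msg=audit(1409219937.754:1088): avc: denied { write } for pid=8008 comm="httpd" path="/tmp/systemu_broker.ose21z.example.com_4310_7989_0.9523721909265898_1/stderr" dev=dm-0 ino=208003 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:openshift_initrc_tmp_t:s0 tclass=file',
]

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    return rec


def summarize(lines):
    """Group denials by (source type, target type, class, comm)."""
    groups = defaultdict(lambda: {'perms': set(), 'paths': set(), 'events': set()})
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        # The SELinux type is the third field of user:role:type:level.
        src = rec['scontext'].split(':')[2]
        tgt = rec['tcontext'].split(':')[2]
        g = groups[(src, tgt, rec['tclass'], rec['comm'])]
        g['perms'].update(rec['perms'])
        # Keep only the file name so per-request temp directories collapse.
        g['paths'].add(rec.get('path', '?').rsplit('/', 1)[-1])
        g['events'].add(rec['serial'])
    return dict(groups)


if __name__ == '__main__':
    for key, g in summarize(SAMPLE).items():
        print(key, sorted(g['perms']), sorted(g['paths']), len(g['events']), 'audit events')
```

Records that share an audit serial number (1088 here) belong to the same audit event, so the event count is lower than the number of AVC lines.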