Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1215635 - [SELinux] [ctdb] SELinux is preventing /bin/bash from execute access on the file /var/lib/glusterd/hooks/1/stop/pre/S29CTDB-teardown.sh
[SELinux] [ctdb] SELinux is preventing /bin/bash from execute access on the f...
Status: CLOSED ERRATA
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: samba (Show other bugs)
3.1
Unspecified Unspecified
high Severity high
: ---
: RHGS 3.1.0
Assigned To: Jose A. Rivera
surabhi
SELinux
:
Depends On:
Blocks: 1202842 1212796
  Show dependency treegraph
 
Reported: 2015-04-27 07:15 EDT by Prasanth
Modified: 2015-07-29 00:42 EDT (History)
10 users (show)

See Also:
Fixed In Version: selinux-policy-3.7.19-271.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-07-29 00:42:05 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:1495 normal SHIPPED_LIVE Important: Red Hat Gluster Storage 3.1 update 2015-07-29 04:26:26 EDT

  None (edit)
Description Prasanth 2015-04-27 07:15:01 EDT 
Description of problem:

SELinux is preventing /bin/bash from execute access on the file /var/lib/glusterd/hooks/1/stop/pre/S29CTDB-teardown.sh

See AVC messages from /var/log/audit/audit.log below:

######
type=AVC msg=audit(1429776701.598:1185): avc:  denied  { execute } for  pid=9808 comm="glusterd" name="S29CTDB-teardown.sh" dev=dm-0 ino=657338 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:glusterd_var_lib_t:s0 tclass=file
type=AVC msg=audit(1429776701.598:1185): avc:  denied  { execute_no_trans } for  pid=9808 comm="glusterd" path="/var/lib/glusterd/hooks/1/stop/pre/S29CTDB-teardown.sh" dev=dm-0 ino=657338 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:glusterd_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1429776701.598:1185): arch=c000003e syscall=59 success=yes exit=0 a0=7fbaf0000e50 a1=7fbaf0001ea0 a2=1bec0b0 a3=8 items=0 ppid=3810 pid=9808 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="S29CTDB-teardow" exe="/bin/bash" subj=unconfined_u:system_r:glusterd_t:s0 key=(null)
######

#####
Apr 23 13:41:42 dhcp42-72 setroubleshoot: SELinux is preventing /bin/bash from execute access on the file /var/lib/glusterd/hooks/1/stop/pre/S29CTDB-teardown.sh. For complete SELinux messages. run sealert -l 4765553a-7199-4df8-8bfb-c7c489d53c0e
#####


Version-Release number of selected component (if applicable):
#####
glusterfs-fuse-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-cli-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-server-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-libs-3.7dev-0.1009.git8b987be.el6.x86_64
glusterfs-api-3.7dev-0.1009.git8b987be.el6.x86_64
samba-vfs-glusterfs-4.1.17-4.el6rhs.x86_64
#####

How reproducible: Always


Steps to Reproduce:
1. Install the RHEL6 glusterfs 3.7 nightly builds from http://download.gluster.org/pub/gluster/glusterfs/nightly/glusterfs-3.7/epel-6-x86_64/
2. Create a volume and start it
3. Check for the AVC's in /var/log/audit/audit.log


Actual results: Above mentioned AVC is seen in the logs.


Expected results: If you believe that bash should be allowed execute access on the S29CTDB-teardown.sh file by default, please consider fixing it.
Comment 1 surabhi 2015-06-08 09:16:31 EDT 
Install RHEl6.7, Install downstream gluster rpms,
Install latest samba rpms's 
install selinux latest rpms: selinux-policy-3.7.19-271.el6

start a volume and do ctdb setup.
There are no AVC's seen related to CTDB teardown hook scripts.

Marking the MZ to verified.
Comment 3 errata-xmlrpc 2015-07-29 00:42:05 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1495.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.