Description of problem: After update there is a problem with manual upgrade of linearstore EFP to the new partitioning structure. After changing file owner and group of created files in qls directory qpidd says that it has permission denied to access migrated journal file. The problem is only solved by changing SELinux to permissive mode. Version-Release number of selected component (if applicable): RHEL 6.7, 7.1 qpid-cpp-0.34-1 How reproducible: always Steps to Reproduce: 1. Install MRMG 3.1 2. start qpidd service qpidd start 3. Create durable queue e.g. qpid-config add queue test-queue --durable 4. Send some messages qpid-send -a test-queue -b $server -m 150 --durable yes 5. stop qpidd service qpidd stop 6. update to MRGM 3.2 according to documentation 7. go to default store directory on RHEL6 /var/lib/qpidd/qls on RHEL7 /var/lib/qpidd/.qpidd/qls 8. upgrade linearstore EFP to the new partitioning structure according to documentation 9. start qpidd Actual results: qpidd won't start - Permission denied error will be printed Expected results: qpidd starts normally Additional info: On RHEL 6.6 SELinux works with this scenario as expected.
MRG 3.2: qpid-cpp-server-0.34-3 current: selinux-policy-3.7.19-279.el6_7.5.noarch .. FAIL type=AVC msg=audit(1442222583.008:3089): avc: denied { read } for pid=7515 comm="qpidd" name="q" dev=dm-0 ino=136060 context=unconfined_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:qpidd_var_lib_t:s0 tclass=lnk_file selinux-policy-3.13.1-23.el7_1.17.noarch .. FAIL type=AVC msg=audit(1442222868.693:361): avc: denied { read } for pid=2583 comm="qpidd" name="psched" dev="proc" ino=4026531980 scontext=system_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file type=AVC msg=audit(1442222868.957:362): avc: denied { read } for pid=2583 comm="qpidd" name="q" dev="dm-0" ino=34347348 scontext=system_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:qpidd_var_lib_t:s0 tclass=lnk_file new packages: selinux-policy-3.7.19-279.el6_7.6.noarch .. PASS selinux-policy-3.13.1-23.el7_1.18.noarch .. FAIL type=AVC msg=audit(1442222868.693:361): avc: denied { read } for pid=2583 comm="qpidd" name="psched" dev="proc" ino=4026531980 scontext=system_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file type=AVC msg=audit(1442222868.957:362): avc: denied { read } for pid=2583 comm="qpidd" name="q" dev="dm-0" ino=34347348 scontext=system_u:system_r:qpidd_t:s0 tcontext=system_u:object_r:qpidd_var_lib_t:s0 tclass=lnk_file
Fixed in selinux-policy-3.7.19-279.el6_7.6
resolved by selinux-policy-3.13.1-23.el7_1.21.noarch -> VERIFIED
above package is live moving to close -> CLOSED ERRATA