Description of problem:
/var/tmp is mounted in the horizon container with :z, which resets the SELinux context to container instead of tmp context, which appears to be breaking user ability to use /var/tmp. I traced it back to this commit, but the bug mentioned is a catchall bug ...

commit a75cc9a9539bc8d6367f5771325914f15593e422
Author: Takashi Kajinami <tkajinam>
Date: Mon Aug 19 13:36:17 2019 +0900

    Use /var/tmp on host to store temporal files for image upload via Horizon

    Previously we use /tmp inside horizon container to store temporal
    files for image upload via Horizon, but this makes the image size
    grow for each upload operation.
    This patch makes sure that we use host directory to store temporal
    file, so that it is not written inside container.

    Change-Id: Ic32e7a2db83bb5a0fb3c69708be9be96435dd030
    Closes-Bug: 1840607

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
[dhill@knox openstack-tripleo-heat-templates]$ ls -tlraZ /var/tmp
total 64
drwxr-xr-x. 2 abrt abrt system_u:object_r:abrt_var_cache_t:s0 4096 Aug 3 2018 abrt
drwxr-xr-x. 21 root root system_u:object_r:var_t:s0 4096 Feb 4 08:40 ..
-rw-------. 1 akmods akmods system_u:object_r:tmp_t:s0 1912 Mar 14 12:06 rpm-tmp.sECt4A
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-systemd-oomd.service-YPQutY
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-systemd-resolved.service-MNV5wN
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-ModemManager.service-w9r18b
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-bluetooth.service-z8zE6X
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-chronyd.service-1APzFW
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-low-memory-monitor.service-7Wj8od
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-power-profiles-daemon.service-qbfI8O
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-rtkit-daemon.service-NFwJPB
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-switcheroo-control.service-VwN7Tu
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-systemd-logind.service-I1vcFk
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-colord.service-2ZdkBD
drwx------. 3 root root system_u:object_r:tmp_t:s0 4096 Apr 6 13:37 systemd-private-b87efd85b33247fc876533eff17301e7-upower.service-s6LBes
drwxrwxrwt. 15 root root system_u:object_r:tmp_t:s0 4096 Apr 8 00:00 .

[root@broken_controller ~]# ls -ldZ /var/tmp
drwxrwxrwt. 4 root root system_u:object_r:container_file_t:s0 246 Apr 7 11:45 /var/tmp
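An audit for the condition reported above, added here as an example and not taken from the report or from TripleO: it flags container volume specs that request an SELinux relabel (z or Z) of a shared host directory, and extracts the type from `ls -ldZ` output to compare against tmp_t. The function names, the SHARED_DIRS list and the sample volume specs are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not TripleO code). SHARED_DIRS is an assumed list of host
# directories that other host services expect to keep their policy label.
SHARED_DIRS="/ /tmp /var/tmp /var /etc /home /usr"

# Read volume specs (host:container:opts) on stdin and print those that
# request an SELinux relabel (z or Z) of a directory in SHARED_DIRS.
flag_relabels() {
  local spec host opts dir
  while IFS= read -r spec; do
    case "$spec" in *:*:*) ;; *) continue ;; esac   # no options, no relabel
    host=${spec%%:*}
    opts=${spec##*:}
    [ "$host" = "/" ] || host=${host%/}             # tolerate trailing slash
    case ",$opts," in *,z,*|*,Z,*) ;; *) continue ;; esac
    for dir in $SHARED_DIRS; do
      if [ "$host" = "$dir" ]; then printf '%s\n' "$spec"; fi
    done
  done
  return 0
}

# Extract the SELinux type (third context field) from one `ls -ldZ` line.
context_type() {
  awk '{ split($5, c, ":"); print c[3] }'
}

# Constructed sample input, modelled on the mount described in the report.
sample_specs() {
  cat <<'EOF'
/etc/hosts:/etc/hosts:ro
/var/log/containers/horizon:/var/log/horizon:z
/var/tmp:/var/tmp:z
/tmp/:/tmp/:rw,z
EOF
}

echo "Volume specs that relabel a shared host directory:"
sample_specs | flag_relabels

# Line copied from the affected controller in the report; on a live host,
# pipe the output of `ls -ldZ /var/tmp` into context_type instead.
line='drwxrwxrwt. 4 root root system_u:object_r:container_file_t:s0 246 Apr 7 11:45 /var/tmp'
seen=$(printf '%s\n' "$line" | context_type)
[ "$seen" = "tmp_t" ] || echo "/var/tmp is labelled $seen, expected tmp_t"
```

`restorecon -v /var/tmp` resets the directory to its policy default, but the label is overwritten again each time a container starts with the :z mount still in place.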
Pushing a patch on Master - should prevent this issue.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenStack Platform 16.1.6 bug fix and enhancement advisory), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:2097