Bug 213930 - Startup fails with tmpfs state
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: xen
Version: 6
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Karl MacMillan
QA Contact: Martin Jenner
Reported: 2006-11-03 15:24 EST by Bill Nottingham
Modified: 2014-03-16 23:03 EDT
Doc Type: Bug Fix
Last Closed: 2007-09-24 19:47:39 EDT
Description Bill Nottingham 2006-11-03 15:24:13 EST
Description of problem:

If you enable TEMPORARY_STATE in /etc/sysconfig/readonly-root, tmpfs
is used for various temporary state on the system (/tmp, /var/tmp, /var/lib/xen,
etc.)

If you do this, xen fails to start, claiming:

IOError: [Errno 2] No usable temporary directory found in ['/tmp', '/var/tmp',
'/usr/tmp', '/' ]

audit logs show:

audit(1162585306.009:45): avc:  denied  { search } for  pid=3191 comm="python"
name="tmp" dev=tmpfs ino=6716 scontext=system_u:system_r:xend_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1162585306.009:46): avc:  denied  { search } for  pid=3191 comm="python"
name="tmp" dev=tmpfs ino=6816 scontext=system_u:system_r:xend_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1162585306.009:47): avc:  denied  { search } for  pid=3191 comm="python"
name="tmp" dev=tmpfs ino=6816 scontext=system_u:system_r:xend_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1162585306.009:48): avc:  denied  { write } for  pid=3191 comm="python"
name="/" dev=dm-0 ino=2 scontext=system_u:system_r:xend_t:s0
tcontext=system_u:object_r:root_t:s0 tclass=dir

Version-Release number of selected component (if applicable):

xen-3.0.3-0.1.rc3
selinux-policy-2.4.1-3.fc6

Additional info:

'/'? As a temp dir???
Comment 1 Stephen Tweedie 2006-11-03 16:36:11 EST
On a normal system:

# ls -lZd /var/lib/xen
drwxr-xr-x  root root system_u:object_r:xend_var_lib_t /var/lib/xen

but from the look of the logs above, you've got the tmpfs /var/lib/xen mounted
with context system_u:object_r:tmp_t.  So I'm not surprised if policy fails!

Is it possible to mount that dir with the correct context and try again?
Comment 2 Bill Nottingham 2006-11-03 16:48:19 EST
/var/lib/xen is system_u:object_r:xend_var_lib_t. It's /tmp that's tmp_t.
Comment 4 Karl MacMillan 2007-04-02 16:46:14 EDT
/tmp should be tmp_t. What is the normal tmp directory for xen? What directories
are mounted as tmpfs when this is set and do any paths become symlinks?
Comment 5 Daniel Walsh 2007-04-02 17:04:38 EDT
Ok adding policy to allow xend to create /tmp files xend_tmp_t.

selinux-policy-2.4.6-50
Comment 6 Red Hat Bugzilla 2007-07-24 20:02:20 EDT
change QA contact
Comment 7 Daniel Berrange 2007-09-24 19:47:39 EDT
Closed based on comment #5 indicating policy is fixed.
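
As an added example (not part of the bug thread and not code from xen or selinux-policy), the Python below parses the four AVC records quoted in the description and groups them by source type, target type and object class, the same triple a policy rule is written against. The function names and the re-joining of each wrapped record onto one line are choices made for this example.

```python
import re
from collections import defaultdict

# The four AVC records from the bug description, re-joined to one line each.
AVC_LOG = """\
audit(1162585306.009:45): avc:  denied  { search } for  pid=3191 comm="python" name="tmp" dev=tmpfs ino=6716 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1162585306.009:46): avc:  denied  { search } for  pid=3191 comm="python" name="tmp" dev=tmpfs ino=6816 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1162585306.009:47): avc:  denied  { search } for  pid=3191 comm="python" name="tmp" dev=tmpfs ino=6816 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1162585306.009:48): avc:  denied  { write } for  pid=3191 comm="python" name="/" dev=dm-0 ino=2 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
REQUIRED = {"scontext", "tcontext", "tclass"}


def parse_avc(line):
    """Return one denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # key=value pairs; this simple split assumes no spaces inside quoted values.
    fields = dict(p.split("=", 1) for p in m.group("rest").split() if "=" in p)
    if not REQUIRED <= fields.keys():
        return None
    return {
        "perms": set(m.group("perms").split()),
        "object": (fields.get("name", "").strip('"'),
                   fields.get("dev"), fields.get("ino")),
        # A context is user:role:type[:level]; policy rules match on the type.
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }


def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "objects": set(), "count": 0})
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        g = groups[(rec["source"], rec["target"], rec["tclass"])]
        g["perms"] |= rec["perms"]
        g["objects"].add(rec["object"])  # (name, dev, ino) identifies the dir
        g["count"] += 1
    return dict(groups)


if __name__ == "__main__":
    for (src, tgt, cls), g in summarize(AVC_LOG).items():
        print(f"{src} -> {tgt}:{cls} {sorted(g['perms'])} "
              f"x{g['count']} objects={sorted(g['objects'])}")
```

The grouping reduces the four records to two gaps: `xend_t` denied `search` on two distinct `tmp_t` directories on tmpfs, and `xend_t` denied `write` on the `root_t` directory `/`.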
