Description of problem:
multipathd can't create map at startup time when selinux is enabled.

Version-Release number of selected component:
device-mapper-multipath-0.4.7-5.2
selinux-policy-2.4.3-8.el5

How reproducible:
Always

Steps to Reproduce:
1. Prepare multipath device and exclude it from blacklist of /etc/multipath.conf
2. Enable selinux
3. Start multipathd
   # /etc/init.d/multipathd start

Actual results:
Multipath map isn't created, even though it is created when the multipath command is executed.
------------------------------------------------------------------------
[root@nec-tx7-1 ~]# dmsetup ls
No devices found
[root@nec-tx7-1 ~]# /etc/init.d/multipathd start
Starting multipathd daemon: [ OK ]
[root@nec-tx7-1 ~]# dmsetup ls
No devices found
[root@nec-tx7-1 ~]# multipath
create: disk2 (1NEC_iStorage_2000_000000092680024600002) NEC,iStorage 2000
[size=67G][features=0][hwhandler=0]
\_ round-robin 0 [prio=1][undef]
 \_ 4:0:0:2 sdg 8:96 [undef][ready]
\_ round-robin 0 [prio=1][undef]
 \_ 5:0:0:2 sdh 8:112 [undef][ready]
[root@nec-tx7-1 ~]# dmsetup table
disk2: 0 139841536 multipath 0 0 2 1 round-robin 0 1 1 8:96 1000 round-robin 0 1 1 8:112 1000
[root@nec-tx7-1 ~]#
------------------------------------------------------------------------

Expected results:
Multipath map should be created when multipathd is started.

Additional info:
multipathd seems to be prevented by selinux from accessing "scsi_id" and "net_admin". /var/log/messages and /var/log/audit/audit.log from when multipathd is started with the "-v3" option are attached.
Created attachment 141388 [details] /var/log/messages
Created attachment 141389 [details] /var/log/audit/audit.log
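Added example, not part of the original report or its attachments: a small Python triage script that groups SELinux AVC denials by process name, the kind of check one would run over the attached audit.log to confirm which accesses multipathd was denied. The log lines, the function names and the SELinux type names (example_daemon_t, example_exec_t) are constructed placeholders; the real records are in the attachment.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format (NOT taken from the
# attachment). Type names, pids, inode numbers and timestamps are placeholders.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1164700000.101:31): avc:  denied  { execute } for  pid=2101 comm="multipathd" name="scsi_id" dev=sda2 ino=98311 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:object_r:example_exec_t:s0 tclass=file
type=AVC msg=audit(1164700000.105:32): avc:  denied  { net_admin } for  pid=2101 comm="multipathd" capability=12 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:system_r:example_daemon_t:s0 tclass=capability
type=AVC msg=audit(1164700000.230:33): avc:  denied  { execute } for  pid=2101 comm="multipathd" name="scsi_id" dev=sda2 ino=98311 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:object_r:example_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1164700000.230:33): success=no exit=-13 comm="multipathd"
type=AVC msg=audit(1164700001.000:34): avc:  denied  { read } for  pid=2200 comm="otherd" name="conf" dev=sda2 ino=5 scontext=system_u:system_r:example_daemon_t:s0 tcontext=system_u:object_r:example_exec_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of fields for an AVC denial line, or None for other records."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def summarize_denials(log_text, comm):
    """Count denials for one process name, keyed by (tclass, permission, target)."""
    summary = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get("comm") != comm:
            continue
        # File denials carry name=; capability denials carry capability=<number>.
        if "name" in rec:
            target = rec["name"]
        elif "capability" in rec:
            target = "capability=" + rec["capability"]
        else:
            target = rec.get("path", "?")
        for perm in rec["perms"]:
            summary[(rec.get("tclass"), perm, target)] += 1
    return dict(summary)


if __name__ == "__main__":
    for (tclass, perm, target), n in sorted(summarize_denials(SAMPLE_AUDIT_LOG, "multipathd").items()):
        print(f"{n}x denied {{ {perm} }} on {target} (tclass={tclass})")
```

Repeated identical denials collapse into one counted row, so the output shows the distinct accesses a policy update has to cover rather than every retry.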
This is the same issue as bz #215001 (except for RHEL5). The selinux policy fix is in selinux-policy-2.4.3-10. I have changed the multipath rpm to create /var/lib/multipath on installation, so that it will work better with SELinux.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Marking as CURRENT RELEASE since comment #5 indicates it is fixed in 5.0 GA.